The people overseeing the security of Google’s Chrome browser explicitly forbid third-party extension developers from trying to control how the browser extensions they submit are presented within the Chrome Web Store. The policy specifically calls out search-manipulating techniques such as listing multiple extensions that provide the identical experience or plastering extension descriptions with loosely related or unrelated keywords.
On Wednesday, security and privacy researcher Wladimir Palant revealed that developers are flagrantly violating those terms in tons of extensions currently available for download from Google. Consequently, searches for a specific term or terms can return extensions that are unrelated, inferior knockoffs, or perform abusive tasks such as surreptitiously monetizing web searches, something Google expressly forbids.
Not looking? Don’t care? Both?
A search Wednesday morning in California for Norton Password Manager, for instance, returned not only the official extension but three others, all of which are unrelated at best and potentially abusive at worst. The results may look different for searches at other times or from different locations.
It’s unclear why someone who uses a password manager would be interested in spoofing their time zone or boosting the audio volume. Yes, they’re all extensions for tweaking or otherwise extending the Chrome browsing experience, but isn’t every extension? The Chrome Web Store doesn’t want extension users to get pigeonholed or to see the list of offerings as limited, so it doesn’t just return the title searched for. Instead, it draws inferences from descriptions of other extensions in an attempt to promote ones that may also be of interest.
In many cases, developers are exploiting Google’s eagerness to promote potentially related extensions in campaigns that foist offerings that are irrelevant or abusive. But wait, Chrome security people have put developers on notice that they’re not permitted to engage in keyword spam and other search-manipulating techniques. So, how is this happening?