Security News

Google Chrome extension developers have been left high and dry for weeks as the company struggles to cope with a spike in fraud on the Chrome Web Store. Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users.

After observing an increase in the number of fraudulent transactions, Google over the weekend announced that it halted the publishing of paid items to the Chrome Web Store. "Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users. Due to the scale of this abuse, we have temporarily disabled publishing paid items," Simeon Vincent, extensions developer advocate at Google, explains.

UPDATE. Both the Google Chrome and Mozilla Firefox teams are cracking down on web browser extensions that steal user data and execute remote code, among other bad actions. In this case, Google said that after becoming aware of a widespread pattern of pernicious behavior on the part of a large number of Chrome extensions, it has disabled extensions that contain a monetary component - those that are paid for, offer in-browser transactions and those that offer subscription services.

On Saturday, Google temporarily disabled the ability to publish paid Chrome apps, extensions, and themes in the Chrome Web Store due to a surge in fraud. "Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users," said Simeon Vincent, developer advocate for Chrome Extensions, in a post to the Chromium Extensions forum.

New versions of the ransomware now sniff out saved credentials for Internet Explorer, Mozilla Firefox, Mozilla Thunderbird, Google Chrome and Microsoft Outlook. FTCODE, a PowerShell-based ransomware that targets Italian-language users, has added new capabilities, including the ability to swipe saved web browser and email client credentials from victims.

Google doesn't want to block third-party cookies in Chrome right now. Once these approaches have addressed the needs of users, publishers, and advertisers, and we have developed the tools to mitigate workarounds, we plan to phase out support for third-party cookies in Chrome.

Google is aiming to phase out third-party cookies in Chrome in two years, but that will have to prove palatable to users, publishers, and advertisers. In its post, the search giant said it plans to phase out support for third-party cookies in Chrome within the next two years.

Google has set an aggressive two-year deadline for dropping support for third-party tracking cookies in its Chrome web browser. Justin Schuh, engineering director for Google Chrome, said in a post Tuesday that the phasing out of third-party cookies was in response to evolving attitudes about online privacy.

According to Denley, the extension is dangerous to users in two ways. First, any funds managed directly inside the extension are at risk.

Researchers warn that five vulnerabilities that stem from SQLite could enable remote code execution.