toad.social

Ji FuI was looking for <a href="https://libranet.de/search?tag=CWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CWS</a> content for the college world series and found out it also means <a href="https://libranet.de/search?tag=ChromeWebStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeWebStore</a> or <a href="https://libranet.de/search?tag=ContentWarnings" class="mention hashtag" rel="nofollow noopener" target="_blank">#ContentWarnings</a>. I think <a href="https://libranet.de/search?tag=MCWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#MCWS</a> is the preferred tag.

ResearchBuzz: FirehoseArs Technica: Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs. “Google is hosting dozens of extensions in its Chrome Web Store that perform suspicious actions on the more than 4 million devices that have installed them and that their developers have taken pains to carefully conceal.”<a href="https://rbfirehose.com/2025/04/13/ars-technica-researcher-uncovers-dozens-of-sketchy-chrome-extensions-with-4-million-installs/" class="" rel="nofollow noopener" target="_blank">https://rbfirehose.com/2025/04/13/ars-technica-researcher-uncovers-dozens-of-sketchy-chrome-extensions-with-4-million-installs/</a>

IT NewsResearcher uncovers dozens of sketchy Chrome extensions with 4 million installs - Google is hosting dozens of extensions in its Chrome Web Store that perfor... - <a href="https://arstechnica.com/security/2025/04/researcher-uncovers-dozens-of-sketchy-chrome-extensions-with-4-million-installs/" rel="nofollow noopener" translate="no" target="_blank">https://arstechnica.com/security/2025/04/researcher-uncovers-dozens-of-sketchy-chrome-extensions-with-4-million-installs/</a> <a href="https://schleuss.online/tags/chromewebstore" class="mention hashtag" rel="nofollow noopener" target="_blank">#chromewebstore</a> <a href="https://schleuss.online/tags/extensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#extensions</a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener" target="_blank">#biz</a>⁢ <a href="https://schleuss.online/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#google</a> <a href="https://schleuss.online/tags/chrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#chrome</a>

Hacker NewsPayPal honey extension has again "featured" flag in Chrome web store — <a href="https://chromewebstore.google.com/detail/paypal-honey-automatic-co/bmnlcjabgnpnenekpadlanbbkooimhnj/reviews" rel="nofollow noopener" translate="no" target="_blank">https://chromewebstore.google.com/detail/paypal-honey-automatic-co/bmnlcjabgnpnenekpadlanbbkooimhnj/reviews</a> <a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#HackerNews</a> <a href="https://mastodon.social/tags/PayPal" class="mention hashtag" rel="nofollow noopener" target="_blank">#PayPal</a> <a href="https://mastodon.social/tags/Honey" class="mention hashtag" rel="nofollow noopener" target="_blank">#Honey</a> <a href="https://mastodon.social/tags/Chrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#Chrome</a> <a href="https://mastodon.social/tags/Extension" class="mention hashtag" rel="nofollow noopener" target="_blank">#Extension</a> <a href="https://mastodon.social/tags/ChromeWebStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeWebStore</a> <a href="https://mastodon.social/tags/Featured" class="mention hashtag" rel="nofollow noopener" target="_blank">#Featured</a> <a href="https://mastodon.social/tags/Flag" class="mention hashtag" rel="nofollow noopener" target="_blank">#Flag</a> <a href="https://mastodon.social/tags/Updates" class="mention hashtag" rel="nofollow noopener" target="_blank">#Updates</a> <a href="https://mastodon.social/tags/Technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#Technology</a> <a href="https://mastodon.social/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a>

Yellow FlagI might have sent a less than polite reply to this mail by Google’s Chrome Web Store developer support. I know what I can, but I’m definitely not going to report 62 malicious extensions individually. Moderating that place is their job, not mine. If they need 62 tickets, they can surely create those themselves.<a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> <a href="https://infosec.exchange/tags/CWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CWS</a> <a href="https://infosec.exchange/tags/ChromeWebStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeWebStore</a>

Yellow FlagI meant to publish a rant about Google and Chrome Web Store for a while now, and now it is out: <a href="https://palant.info/2025/01/13/chrome-web-store-is-a-mess/" rel="nofollow noopener" translate="no" target="_blank">https://palant.info/2025/01/13/chrome-web-store-is-a-mess/</a>This details many of Google’s shortcoming at keeping Chrome Web Store safe, with the conclusion: “for the end users the result is a huge (and rather dangerous) mess.”I am explaining how Google handled (or rather didn’t handle for most part) my recent reports. How they make reporting problematic extensions extremely hard and then keep reporters in the dark about the state of these reports. How Google repeatedly chose to ignore their own policies and allowed shady, spammy and sometimes outright malicious extensions to prevail.There is some text here on the completely meaningless “Featured” badge that is more likely to be awarded to malicious extensions than to legitimate ones. And how user reviews aren’t allowing informed decisions either because Google will allow even the most obvious fakes to remain.I’ve also decided to publish a guest post by a researcher who wanted to remain anonymous: <a href="https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/" rel="nofollow noopener" translate="no" target="_blank">https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/</a>This post provides more details on BIScience Ltd., another company selling browsing data of extension users. <a href="https://infosec.exchange/@tuckner" class="u-url mention" rel="nofollow noopener" target="_blank">@tuckner</a> and I wrote a bit about that one recently, but this has been going on since at least 2019 apparently. Google allows it as long as extension authors claim (not very convincingly) that this data collection is necessary for the extension’s functionality. It’s not that Google doesn’t have policies that would prohibit it, yet Google chooses not to enforce those.<a href="https://infosec.exchange/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#google</a> <a href="https://infosec.exchange/tags/cws" class="mention hashtag" rel="nofollow noopener" target="_blank">#cws</a> <a href="https://infosec.exchange/tags/ChromeExtensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeExtensions</a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://infosec.exchange/tags/ChromeWebStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeWebStore</a>

IT NewsHere’s how hucksters are manipulating Google to promote shady Chrome extensions - The people overseeing the security of Google’s Chrome browser explicitly f... - <a href="https://arstechnica.com/security/2025/01/googles-chrome-web-store-has-a-serious-spam-problem-promoting-shady-extensions/" rel="nofollow noopener" translate="no" target="_blank">https://arstechnica.com/security/2025/01/googles-chrome-web-store-has-a-serious-spam-problem-promoting-shady-extensions/</a> <a href="https://schleuss.online/tags/chromewebstore" class="mention hashtag" rel="nofollow noopener" target="_blank">#chromewebstore</a> <a href="https://schleuss.online/tags/extensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#extensions</a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener" target="_blank">#biz</a>⁢ <a href="https://schleuss.online/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#google</a> <a href="https://schleuss.online/tags/abuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#abuse</a> <a href="https://schleuss.online/tags/spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#spam</a>

Yellow FlagMy research on how Chrome extensions spam Chrome Web Store search with irrelevant keywords has been picked up by <a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener" target="_blank">@dangoodin</a>: <a href="https://arstechnica.com/security/2025/01/googles-chrome-web-store-has-a-serious-spam-problem-promoting-shady-extensions/" rel="nofollow noopener" translate="no" target="_blank">https://arstechnica.com/security/2025/01/googles-chrome-web-store-has-a-serious-spam-problem-promoting-shady-extensions/</a>The article quotes me towards the end, something that is worth repeating:<blockquote>“It wasn’t that hard to notice, and they have better access to the data than me. So either Google isn’t looking or they don’t care.”</blockquote><a href="https://infosec.exchange/tags/cws" class="mention hashtag" rel="nofollow noopener" target="_blank">#cws</a> <a href="https://infosec.exchange/tags/ChromeWebStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeWebStore</a> <a href="https://infosec.exchange/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#google</a> <a href="https://infosec.exchange/tags/ChromeExtensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeExtensions</a> <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#spam</a>

Yellow FlagBack in October I asked here why searching for “Norton Password Manager” on Chrome Web Store brings up five completely unrelated extensions which all show up before the actual Norton Password Manager. Now I know the answer: some extension authors figured out how to use translations in order to mess with the search results. <a href="https://palant.info/2025/01/08/how-extensions-trick-cws-search/" rel="nofollow noopener" translate="no" target="_blank">https://palant.info/2025/01/08/how-extensions-trick-cws-search/</a>I found 920 extensions using this approach. Most of them fall into a few large extension clusters that are spamming Chrome Web Store. For example, I could attribute 122 extensions to the Kodice / Karbon Project / BroCode cluster that I covered in June 2023 originally. Another 100 extensions belong to the PDF Toolbox cluster that originally appeared on my blog in May 2023. The ZingFront / ZingDeck / BigMData cluster is one I also researched back in 2023 but didn’t publish – 223 extensions.There is also a cluster that was new to me and which I couldn’t really tie to a company name (apart from finding two red herrings). There seems to be a Ukrainian/Russian language part and a Farsi (?) language part here, and it’s hundreds of extensions despite only 55 of them qualifying for the list in this article.Now that this is out, are you as excited as me to see what Google will do about this?<a href="https://infosec.exchange/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#google</a> <a href="https://infosec.exchange/tags/cws" class="mention hashtag" rel="nofollow noopener" target="_blank">#cws</a> <a href="https://infosec.exchange/tags/ChromeExtensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeExtensions</a> <a href="https://infosec.exchange/tags/chrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#chrome</a> <a href="https://infosec.exchange/tags/ChromeWebStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeWebStore</a> <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#spam</a>

Tarnkappe.info📬 Google Chrome verlangsamt Updates von Ad-Blockern <a href="https://social.tchncs.de/tags/Datenschutz" class="mention hashtag" rel="nofollow noopener" target="_blank">#Datenschutz</a> <a href="https://social.tchncs.de/tags/Internet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Internet</a> <a href="https://social.tchncs.de/tags/ChromeWebStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeWebStore</a> <a href="https://social.tchncs.de/tags/ChromeErweiterungsplattform" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeErweiterungsplattform</a> <a href="https://social.tchncs.de/tags/ghostery" class="mention hashtag" rel="nofollow noopener" target="_blank">#ghostery</a> <a href="https://social.tchncs.de/tags/googlechrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#googlechrome</a> <a href="https://social.tchncs.de/tags/KrzysztofModras" class="mention hashtag" rel="nofollow noopener" target="_blank">#KrzysztofModras</a> <a href="https://social.tchncs.de/tags/ManifestV3" class="mention hashtag" rel="nofollow noopener" target="_blank">#ManifestV3</a> <a href="https://social.tchncs.de/tags/WerbeblockerUpdate" class="mention hashtag" rel="nofollow noopener" target="_blank">#WerbeblockerUpdate</a> <a href="https://tarnkappe.info/artikel/it-sicherheit/datenschutz/google-chrome-verlangsamt-updates-von-ad-blockern-284159.html" rel="nofollow noopener" translate="no" target="_blank">https://tarnkappe.info/artikel/it-sicherheit/datenschutz/google-chrome-verlangsamt-updates-von-ad-blockern-284159.html</a>

Tarnkappe.info📬 Google Chrome wird die Funktion von Ad-Blockern stark einschränken <a href="https://social.tchncs.de/tags/Datenschutz" class="mention hashtag" rel="nofollow noopener" target="_blank">#Datenschutz</a> <a href="https://social.tchncs.de/tags/Internet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Internet</a> <a href="https://social.tchncs.de/tags/Chrome127" class="mention hashtag" rel="nofollow noopener" target="_blank">#Chrome127</a>+ <a href="https://social.tchncs.de/tags/ChromeDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeDev</a> <a href="https://social.tchncs.de/tags/ChromeWebStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeWebStore</a> <a href="https://social.tchncs.de/tags/googlechrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#googlechrome</a> <a href="https://social.tchncs.de/tags/ManifestV3" class="mention hashtag" rel="nofollow noopener" target="_blank">#ManifestV3</a> <a href="https://tarnkappe.info/artikel/it-sicherheit/datenschutz/google-chrome-wird-die-funktion-von-ad-blockern-stark-einschraenken-283590.html" rel="nofollow noopener" translate="no" target="_blank">https://tarnkappe.info/artikel/it-sicherheit/datenschutz/google-chrome-wird-die-funktion-von-ad-blockern-stark-einschraenken-283590.html</a>

Benjamin Carr, Ph.D. 👨🏻‍💻🧬As <a href="https://hachyderm.io/tags/YouTube" class="mention hashtag" rel="nofollow noopener" target="_blank">#YouTube</a> Declares War on <a href="https://hachyderm.io/tags/AdBlockers" class="mention hashtag" rel="nofollow noopener" target="_blank">#AdBlockers</a>, <a href="https://hachyderm.io/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> Sponsors <a href="https://hachyderm.io/tags/Ad" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ad</a> Blocking Conference Last month, a Google employee spoke at a Google-sponsored conference for ad-block <a href="https://hachyderm.io/tags/developers" class="mention hashtag" rel="nofollow noopener" target="_blank">#developers</a>, and explained how they were making it easier for users to find ad blocking extensions on the <a href="https://hachyderm.io/tags/ChromeWebStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeWebStore</a>. In all, five Google employees presented at the Ad Filtering Dev Conference, highlighting the company's complicated relationship with ad blockers. <a href="https://www.404media.co/as-youtube-declares-war-on-ad-blockers-google-sponsors-ad-blocking-conference/" rel="nofollow noopener" translate="no" target="_blank">https://www.404media.co/as-youtube-declares-war-on-ad-blockers-google-sponsors-ad-blocking-conference/</a>

heise online<a href="https://social.heise.de/tags/Verpasstodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#Verpasstodon</a>Webbrowser: Schadcode in Chrome-Erweiterungen mit 87 Millionen NutzernDiverse Erweiterungen für den Webbrowser Chrome im Chrome Web Store lieferten neben den gewünschten Funktionen Malware mit. Nutzer sollten sie deinstallieren.<a href="https://www.heise.de/news/Webbrowser-Schadcode-in-Chrome-Erweiterungen-mit-87-Millionen-Nutzern-9164090.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege" rel="nofollow noopener" target="_blank">https://www.heise.de/news/Webbrowser-Schadcode-in-Chrome-Erweiterungen-mit-87-Millionen-Nutzern-9164090.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege</a> <a href="https://social.heise.de/tags/Browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#Browser</a> <a href="https://social.heise.de/tags/Chrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#Chrome</a> <a href="https://social.heise.de/tags/ChromeWebStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChromeWebStore</a> <a href="https://social.heise.de/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybercrime</a> <a href="https://social.heise.de/tags/GoogleChrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoogleChrome</a> <a href="https://social.heise.de/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a>

IT NewsGoogle’s Android and Chrome extensions are a very sad place. Here’s why - Enlarge (credit: Photo Illustration by Miguel Candela/SOPA Images/Light... - <a href="https://arstechnica.com/?p=1944202" rel="nofollow noopener" target="_blank">https://arstechnica.com/?p=1944202</a> <a href="https://schleuss.online/tags/chromewebstore" class="mention hashtag" rel="nofollow noopener" target="_blank">#chromewebstore</a> <a href="https://schleuss.online/tags/extensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#extensions</a> <a href="https://schleuss.online/tags/googleplay" class="mention hashtag" rel="nofollow noopener" target="_blank">#googleplay</a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener" target="_blank">#biz</a>⁢ <a href="https://schleuss.online/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#google</a> <a href="https://schleuss.online/tags/apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#apps</a>

Recent searches

Search options

Administered by:

Server stats:

#chromewebstore