Google’s security team has indefinitely suspended the release or update of any commercial Chrome extension signed on the official Chrome Web Store due to a surge in the number of paid extensions engaged in fraudulent transactions. Google said the wave of fraudulent transactions began earlier this month. Google engineers described the fraudulent transaction as “massive.”
Preventing publishing or updating affects all paid extensions. This also includes Chrome extensions that require a pre-installation payment, extensions running based on a monthly subscription, or chrome extensions that use one-time in-app purchases to access a variety of features.
Currently, existing commercial extensions can still be downloaded through the official Chrome Web Store, but extender developers can’t push new updates.
In response, Simeon Vincent, a developer advocate for Chrome extensions, said, “This is a temporary measure to help us find long-term solutions to prevent broader abuse.”
At the same time, extenders who try to publish a new paid Chrome extension, or post a new update on their commercial extension, receive an automatic message that reads: “Spam and Placement in the Store.”
This ban affects a number of big-name extensions, including password manager Dashlane and the conference planner app Comeet. The ban was officially released on the evening of January 24, but Jeff Johson, founder of the StopTheMadness Chrome extension, says Google has been quietly blocking updates to paid Chrome extensions for days.
It is not clear how long the ban will last. “We’re trying to resolve this issue as quickly as possible, but we don’t have a timetable for that at the moment,” Vincent said. “I apologize for the inconvenience,” it said. “