Google allows 37,000 Chrome users to be tricked with a fake extension by fraudulent developer who clones popular name and spams keywords.
Conversation
Replying to
Legitimate developers just have to sit back and watch as Google smears them with fake extensions that steal their good name
5
78
217
I'm being mean to Google because there's no way their Chrome team is happy with this extension vetting/moderation situation.
12
20
185
[UPDATE] Google: An Update on Malware in the Chrome Web Store
groups.google.com/a/chromium.org
8
30
84
I'm sorry for being mean, Google.
17
7
77
6
9
63
Update: TWO fake AdBlock Plus, including one with fake user numbers, have been added back to the Chrome extension store, in the same place.
2
47
55
To evade Google filters, attackers have used look-alike Cyrillic Unicode characters in the extension name
6
50
85
We need to stop Unicode until we can get a handle on the situation. No more Unicode.
23
37
157
The Unicode Consortium actually provides a list of confusable Unicode characters unicode.org/Public/securit
10
57
152
Unicode is magical
13
22
105
Update: The Chrome extension store has been cleaned. I suspect this is a cat-and-mouse thing, so I'll just ignore it going forward...
4
7
36