Here's how hucksters manipulate Google to promote shady Chrome extensions

    The people who oversee the security of Google's Chrome browser explicitly prohibit third-party extension developers from trying to manipulate how the extensions they submit are presented in the Chrome Web Store. The policy specifically bans search manipulation techniques, such as listing multiple extensions that provide the same experience or padding extension descriptions with loosely related or unrelated keywords.

    On Wednesday, security and privacy researcher Wladimir Palant revealed that developers are blatantly violating these terms in hundreds of extensions currently available for download from Google. As a result, a search for a particular term or terms may return extensions that are unrelated, that are inferior imitations, or that perform illegitimate tasks such as surreptitiously monetizing Internet searches, which Google expressly prohibits.

    Not watching? It doesn't matter? Both?

    For example, a Wednesday morning search in California for Norton Password Manager turned up not only the official extension but three others, all of which are at best unrelated and at worst potentially offensive. Results may look different when searching at other times or from other locations.

    [Image: Search results for Norton Password Manager.]

    It's unclear why someone looking for a password manager would be interested in spoofing their time zone or increasing the audio volume. Yes, they're all extensions that customize or otherwise enhance the Chrome browsing experience, but isn't every extension? The Chrome Web Store doesn't want users to be pigeonholed or to see the list of offerings as limited, so it doesn't return only the title you searched for. Instead, it draws inferences from the descriptions of other extensions in an attempt to surface extensions that may also be of interest.

    In many cases, developers take advantage of Google's eagerness to promote potentially related extensions, running campaigns that push offerings that are irrelevant or offensive. But wait: Chrome security folks have told developers that they are not allowed to engage in keyword spam and other search manipulation techniques. So how does this happen?