Chrome Web Store

Launch date: December 2010
Website: chromewebstore.google.com

Chrome Web Store is Google's online store for its Chrome web browser. As of 2022, Chrome Web Store hosts about 123,000 extensions and 29,000 themes. [1]

History

Chrome Web Store was publicly unveiled in December 2010, [2] and was opened on February 11, 2011, with the release of Google Chrome 9.0. [3] A year later it was redesigned to "catalyze a big increase in traffic, across downloads, users, and total number of apps". [4] As of June 2012, there were 750 million total installs of content hosted on Chrome Web Store. [5]

Some extension developers have sold their extensions to third parties who then incorporated adware. [6] [7] In 2014, Google removed two such extensions from Chrome Web Store after many users complained about unwanted pop-up ads. [8] The following year, Google acknowledged that about five percent of visits to its own websites had been altered by extensions with adware. [9] [10] [11]

Malware

Malware remains a problem on Chrome Web Store. [12] [13] [14] [15] In January 2018, researchers from security firm ICEBRG found four malicious extensions with more than 500,000 combined downloads. [12] [16] In February 2021, Google blocked "The Great Suspender", a popular extension with 2,000,000 users, after it was reported that malicious code was added to it. [17] [18] [19]

Chrome used to allow extensions hosted on Chrome Web Store to also be installed at the developer's website for the sake of convenience. [20] However, this became a malware vector, so it was removed in 2018. [21]

References

  1. "Breaking Down The Chrome Web Store". ChromeStats. Retrieved 28 December 2022.
  2. Kincaid, Jason. "Sales Are At A Trickle On Google's The Chrome Web Store". TechCrunch. Retrieved 4 January 2011.
  3. Kay, Erik; Boodman, Aaron (February 3, 2011). "A dash of speed, 3D and apps". Chrome Blog. Google. Retrieved March 9, 2017.
  4. Empson, Rip (5 December 2011). "New The Chrome Web Store Proves To Be A Boon For Developers Above (And Below) The Fold". TechCrunch. Retrieved 5 December 2011.
  5. Vikas SN (2012-06-29). "The Lowdown: Google I/O 2012 Day 2 – 310M Chrome Users, 425M Gmail & More". MediaNama. Retrieved 2013-06-14.
  6. "Adware vendors buy Chrome Extensions to send ad- and malware-filled updates". Ars Technica. 17 January 2014. Retrieved 20 January 2014.
  7. Bruce Schneier (21 Jan 2014). "Adware Vendors Buy and Abuse Chrome Extensions".
  8. Winkler, Rolfe (19 January 2014). "Google Removes Two Chrome Extensions Amid Ad Uproar". blogs.wsj.com. Wall Street Journal. Retrieved 17 March 2014.
  9. "Ad Injection at Scale: Assessing Deceptive Advertisement Modifications" (PDF). Archived from the original (PDF) on 2015-06-05.
  10. "Superfish injects ads into 5 percent of all Google page views". PC World. IDG.
  11. "Superfish injects ads in one in 25 Google page views". CIO. IDG. Archived from the original on 2019-12-11. Retrieved 2015-06-03.
  12. "Security firm ICEBRG uncovers 4 malicious Chrome extensions - gHacks Tech News". www.ghacks.net. 16 January 2018. Retrieved 2018-12-15.
  13. "Google's bad track record of malicious Chrome extensions continues - gHacks Tech News". www.ghacks.net. 11 May 2018. Retrieved 2018-12-15.
  14. "Chrome Extension Devs Use Sneaky Landing Pages after Google Bans Inline Installs". BleepingComputer. Retrieved 2018-12-15.
  15. "Chrome's inline extension install ban already bypassed - gHacks Tech News". www.ghacks.net. 11 October 2018. Retrieved 2018-12-15.
  16. "Google Chrome extensions with 500,000 downloads found to be malicious". Ars Technica. 17 January 2018. Retrieved 2018-12-30.
  17. "Google kills The Great Suspender". www.zdnet.com. Retrieved 2021-05-29.
  18. "The Great Suspender Chrome extension's fall from grace". BleepingComputer. Retrieved 2021-05-30.
  19. "What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn't document updates? Let's find out". www.theregister.com. Retrieved 2021-05-29.
  20. "Using Inline Installation - Google Chrome". developer.chrome.com. Retrieved 2018-12-14.
  21. "Improving extension transparency for users". Chromium Blog. Retrieved 2018-12-15.