Google Fortifies Chrome’s Web Store Vetting Process

Google announced late last week that it would add more security controls to its browser-based Chrome Web Store by adding a new application-vetting feature called ‘Enhanced Item Validation.’

For all intents and purposes, the search giant claims that the new policy will only impact application developers in that they will have to wait slightly longer after submitting their apps before they show up for download on the Web Store. The announcement posted on Google’s official Google Plus page claims that nearly every application will be cleared and appear in the store within 60 minutes. If an application takes longer than an hour to clear, it likely means that the Enhanced Item Validation process uncovered some sort of suspicious behavior within the application, the company claims.

We reached out to Google for further technical detail on how enhanced item validation will work and on what would constitute the sort of suspicious behavior necessary to flag an application or extension, but the company had not responded to our request at the time of publication.

In an announcement, Google says enhanced item validation, which they describe simply as a set of “additional checks designed to keep [their] users more secure,” is being implemented as part of the company’s broader philosophy that trusted, more secure platforms are more widely used platforms.

The move also reflects the reality that the Chrome Web Store’s existing application acceptance structure was letting more malicious applications, extensions, and other bad stuff slip through than the company deemed acceptable.

In May, a couple of malicious extensions popped up in both the Chrome and Firefox browsers and gave attackers the ability to remotely seize control of the Facebook accounts of those who downloaded the extensions. A similar scam emerged a year earlier in which attackers compelled Brazilian Facebook users to install a malicious extension that claimed to remove the virus from their Facebook accounts but actually spammed their Facebook Friends with the same offer. There have been other instances as well in which malicious Chrome extensions have been used by attackers to harass other social sites; one in particular involved a fake Angry Birds application that spammed Tumblr users.

The new feature will require no extra work from the developers. Once they publish an item, the Web Store will automatically screen it, then publish it unless, in Google’s words, “[they] see something worrisome.”
