It was recently revealed that the Google Chrome Store has not been able to detect a fake ad blocker application which, in effect, let 37,000 unsuspecting users download malicious software.
The report first came from a security researcher who goes by the name SwiftOnSecurity on Twitter.
According to SwiftOnSecurity, a "fraudulent developer" mimicked the legitimate Chrome extension AdBlock Plus. The fake version of the application apparently made its way to the Chrome Web Store and posed as the original one without the servers noticing it.
SwiftOnSecurity added that the bogus software's developer was able to pose the phony extension as the real one by cloning the name of a popular product and spamming keywords so users searching for the popular application would be led to the fake one.
By the time SwiftOnSecurity revealed the existence of the fake browser extension, it had already been downloaded by 37,000 users.
It is important to note that there is a real, legitimate version of AdBlock Plus developed by the same name company that is also available as an extension via the Chrome Web Store.
As of this writing, it appears that Google has finally taken down the fake extension. Upon searching for "AdBlock Plus" on the Chrome Web Store, people will find at the top of the results is the real product that had been installed by more than 10 million users.
Legitimate developers just have to sit back and watch as Google smears them with fake extensions that steal their good name pic.twitter.com/3Tnv4NtY9t
— SwiftOnSecurity (@SwiftOnSecurity) October 9, 2017
SwiftOnSecurity also criticized Google and pointed out how these lapses would affect real developers. He tweeted: "Legitimate developers just have to sit back and watch as Google smears them with fake extensions that steal their good name."
In the same tweet, SwiftOnSecurity shared a screenshot of a review from one of the 37,000 users that installed the fake AdBlock Plus. Not realizing he had gotten the wrong extension installed, the user complained that he had instantly acquired "invasive" ads that keep opening new tabs automatically.
The issue of security in adding browser extensions on Chrome has been a recurring dilemma for Google. In fact, in 2014, Google disallowed Windows and Mac users from installing extensions sourced outside the Chrome Web Store to prevent more security risks.
However, as it appears that Google still has a lot of work to do in further tightening the security of its Chrome Web Store to actively ward off bogus developers and applications.