The Google security team has indefinitely suspended the publishing or updating of any commercial Chrome extensions on the official Chrome Web Store following a spike in the number of paid extensions engaging in fraudulent transactions.
Google said the wave of fraudulent transactions began earlier this month. Google engineers described the fraudulent transactions as happening “at scale.”
The ban on publishing or updating impacts all paid extensions. This includes Chrome extensions that require paying a fee before installing, extensions that work based on monthly subscriptions, or Chrome extensions that use one-time in-app purchases to get access to various features.
Existing commercial extensions are still available for download via the official Chrome Web Store, however, extension developers can’t push new updates.
“This is a temporary measure meant to stem this influx as we look for long-term solutions to address the broader pattern of abuse,” said Simeon Vincent, Developer Advocate for Chrome Extensions at Google.
Extension developers who try to publish a new paid Chrome extension, or push a new update on their commercial extensions, are currently receiving an automated message that reads: “Spam and Placement in the Store.”
Some big-name extensions have been impacted by this ban, including password manager Dashlane and meeting planner app Comeet.
The decision to ban publishing or updating Chrome extension was formally announced late on Friday night, January 24. However, Jeff Johson, the creator of the StopTheMadness Chrome extension, has told ZDNet that Google has been silently blocking updates for paid Chrome extensions for days [1, 2, 3, 4, 5].
It is unclear for how long the ban will last.
“We are working to resolve this as quickly as possible, but we do not have a resolution timeline at the moment,” said Vincent. “Apologies for the inconvenience.”