Independent security researcher Wladimir Palant recently published a comprehensive technical report, vividly illustrating how certain Chrome browser extensions employ cunning tactics to manipulate search results on the Chrome Web Store (CWS).
The investigation began when Palant searched for “Norton Password Manager” in the store and noticed that the search results were inundated with irrelevant extensions. The legitimate application was relegated to the bottom of the list. Although it eventually rose to the top, the underlying issue persisted globally: numerous unrelated extensions continued to clutter the search results.
The root cause of this problem lies in the exploitation of localization mechanisms within extension descriptions. Some developers insert keywords related to competitors into their product descriptions, but strategically place them in less commonly used languages, such as Swahili (East Africa) or Estonian.
The Chrome Web Store indexes these descriptions for search rankings, regardless of the user’s interface language, enabling extensions to dominate results for popular queries.
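The mechanism described above lives in the extension package itself: the manifest's description is a `__MSG_key__` placeholder resolved from `_locales/<lang>/messages.json`, so a locale nobody reads can carry different text from the default one. The following added example (not from Palant's report or from any of the extensions named here) is a defender-side check that resolves the description for every shipped locale and flags locales whose description contains watch-list product names that the default locale's description does not. The sample manifest, locale data and watch list are constructed for illustration.

```python
import json
from pathlib import Path
from typing import Dict, List

# Constructed sample (not a real extension): manifest.json fields plus the
# contents of _locales/<lang>/messages.json, in Chrome's standard i18n layout
# where the manifest refers to localized strings as "__MSG_key__".
SAMPLE_MANIFEST = {"default_locale": "en", "description": "__MSG_desc__"}
SAMPLE_LOCALES = {
    "en": {"desc": {"message": "Quick PDF viewer and converter."}},
    "de": {"desc": {"message": "Schneller PDF-Betrachter und Konverter."}},
    # A rarely displayed locale is where the stuffed keywords hide.
    "sw": {"desc": {"message": "Quick PDF viewer. Norton Password Manager Acme Password Vault"}},
}
# Hypothetical watch list of product names that do not belong in this
# extension's description; an analyst would maintain one per store category.
WATCHLIST = {"norton password manager", "acme password vault"}

def load_locales(unpacked_dir: str) -> dict:
    """Read every _locales/<lang>/messages.json under an unpacked extension."""
    locales = {}
    for path in Path(unpacked_dir).glob("_locales/*/messages.json"):
        locales[path.parent.name] = json.loads(path.read_text(encoding="utf-8"))
    return locales

def resolve_description(manifest: dict, locales: dict, locale: str) -> str:
    """Resolve the manifest description for one locale, falling back to default_locale."""
    field = manifest.get("description", "")
    if not (field.startswith("__MSG_") and field.endswith("__")):
        return field  # description is not localized at all
    key = field[len("__MSG_"):-len("__")]
    for loc in (locale, manifest.get("default_locale", "")):
        entry = locales.get(loc, {}).get(key)
        if entry and "message" in entry:
            return entry["message"]
    return ""

def find_stuffed_locales(manifest: dict, locales: dict, watchlist: set) -> Dict[str, List[str]]:
    """Map locale -> watch-list terms present in that locale's description
    but absent from the default locale's description."""
    default = resolve_description(manifest, locales, manifest["default_locale"]).lower()
    baseline = {term for term in watchlist if term in default}
    findings: Dict[str, List[str]] = {}
    for loc in locales:
        text = resolve_description(manifest, locales, loc).lower()
        hits = sorted(term for term in watchlist if term in text and term not in baseline)
        if hits:
            findings[loc] = hits
    return findings
```

On a real unpacked extension, pass `load_locales(dir)` together with the parsed manifest.json to `find_stuffed_locales`; a non-empty result for a locale the store rarely displays is exactly the pattern the report describes.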
Prominent among the offending companies are Kodice LLC, Karbon Project LP, and BroCode LTD, whose cluster encompasses over 120 extensions. Many of these have previously been accused of spying on users, committing affiliate marketing fraud, and displaying intrusive advertisements. Despite past scrutiny, such extensions remain available on the platform.
Another major cluster is PDF Toolbox. According to 2023 reports, its members engaged in redirecting user queries to search engines for monetary gain. Similarly, companies such as ZingFront, ZingDeck, BigMData, ExtensionsBox, Lazytech, Yue Apps, and others have adopted comparable promotional tactics.
Although some malicious extensions have been removed, their creators persist in developing similar projects. Currently, more than 920 extensions with suspicious localizations have been identified in the Chrome Web Store, underscoring the scale of the issue. These activities pose significant risks to users, including privacy breaches and the dissemination of malware.
According to Palant, Google has been aware of this issue for a long time but has yet to implement effective measures to counteract such manipulations. The researcher suggests making the store’s search index strictly dependent on the user’s selected language to prevent future abuses.