HomeWinBuzzer NewsChrome and Firefox Clamp Down on Web Extensions

Chrome and Firefox Clamp Down on Web Extensions

Chrome and Firefox are disabling extensions that could be malicious. Google has taken a blanket approach while Mozilla is approaching it more individually.


The two largest have taken a tough stance against nefarious browser extensions. and are actively clamping down on extensions that conduct bad actions, such as stealing user data.

Many people leverage browser extensions to enhance the functionality of Chrome and Firefox. Most extensions are useful or entertaining, such as weather widgets, language translation, email notifiers, and tab tools. Of course, ad blockers are also available and are among the most popular extensions.

However, some people use extensions as a way to attack users and systems. Bad actors can develop extensions that are intentionally filled with malware, or they can attack legitimate extensions and make them dangerous.

On Chrome, has decided to disable all extensions that have a payment system. All extensions that require payment or provide in-browser transactions have been closed. Of course, many of these add-ons are legitimate. Google says the measure is temporary but did not say when the restriction will be lifted.

“Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users,” the said in a notice, issued Friday. “Due to the scale of this abuse, we have temporarily disabled publishing paid items. This is a temporary measure meant to stem this influx as we look for long-term solutions to address the broader pattern of abuse.”

Google added, “We are working to resolve this as quickly as possible, but we do not have a resolution timeline at the moment. Apologies for the inconvenience.”

Mozilla Firefox

As for Firefox, Mozilla says it is being more selective in its approach and dealing with extensions on a case-by-case basis. So far, the company has disabled 187 add-ons for what is deems bad conduct. Among those extensions were tools that were secretly running remote code-execution attacks.

2Ring seems to be the biggest offender, with the developer having 129 extensions shuttered. This company provides business-to-business tools for contact centers. It is worth noting the developer is a preferred partner of telecommunications giant Cisco.

Of course, the removal does not mean 2Ring was intentionally running malicious services. Instead, Mozilla's terns point out that any extension that fetches code from another source (legitimately or not) is in violation of its security policy.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News