Mozilla and Google are cracking down on malicious and abusive extensions available for the Firefox and Chrome browsers, respectively.
The most significant move was Mozilla’s ouster over the past month of just about 200 extensions.
The bulk of them,129, to be exact, were developed by 2Ring, a maker of business software.
There is no evidence the extensions were malicious, but Mozilla officials found they executed code hosted on a foreign server, in violation of Mozilla policies.
The representative added that current installations aren’t affected and users who want to put in an extension can still do so manually.
A 2Ring representative said that the extensions, which businesses use to integrate select CRM systems with apps installed in customer contact centers, interact only with user white-listed applications laid out in the extension’s configuration.
Mozilla ejected six other extensions for an equivalent reason.
Another extension was also caught loading remote content onto a replacement tab page.
The policies barring remote code and content are designed to extend transparency and lower the danger of extensions that behave in ways in which could be harmful.
Mozilla expelled another 30 extensions for « violating Mozilla’s add-on policies by showing malicious behavior on third-party websites. »
Still, more extensions got the boot for collecting user data.
Another batch was removed for collecting search terms or intercepting searches that visited a third-party search provider.
Google, meanwhile, said last Friday that it had « detected a big increase within the number of fraudulent transactions involving paid Chrome extensions that aim to take advantage of users.
» The « scale of the abuse, » Friday’s post said, has prompted Google to temporarily bar the publishing fee-based extensions.
The move is supposed to curb the influx as engineers search for longer-term solutions that rein within the broader pattern of abuse.
Paid extensions are people who collect fees upfront, charge for subscriptions, or admit app-purchases.
While the rise in abuse is critical, paid apps to represent a little portion of the extensions available within the Chrome Web store.
Consistent with a report last August from Extension Monitor, only about 9 percent of extensions were fee-based.
The crackdowns highlight a drag that has existed for years with extensions available from both Mozilla and Google. While the overwhelming majority are safe, a little but statistically significant sample engage in click fraud, steal user credentials and install currency miners, and spy on end-users, in a minimum of one case, many users, a number of whom were inside large companies and other data-sensitive networks.