Google scans Chrome Web Store submissions for malware

Filed Under: Featured, Google, Google Chrome, Malware

Chrome scansGoogle has started to scrub Chrome Web Store submissions before they get a chance to muck things up.

The update, known as Enhanced Item Validation, was announced last week on Google's Chrome developers blog.

The process may hold up submissions, Google says, but no cause for freak-out. The scan shouldn't ever take more than an hour, it says - time well spent for the greater security good:

Starting [19 June] in the Chrome Web Store, you might notice that your item is not broadly available immediately after you publish it.

Don't panic - we are just adding additional checks to keep our users secure. Most items will be publicly available within several minutes of publishing, however it could take up to 60 minutes for the scan to complete.

Unless we see something worrisome, most items should be publicly available several minutes after publishing, almost always within 60 minutes.

As it is, Google takes justifiable pride in the level of security in its Chrome browser and the Play app store.

Google's Pwnium 2013 contest saw the company walk away with an only partially-pwned Chrome OS.

But it goes without saying that Chrome's not perfect.

Google patched four flaws - three of them high-risk - in the OS in April and wound up paying $31,336 to the researcher who spotted three of them.

The flaws were all found in the O3D plug-in: a Google-crafted plugin used to create interactive 3D graphics applications that run in browser windows or in an XML User Interface (XUL) desktop application.

And as InfoSecurity Magazine pointed out, the browser got a bit more bad security publicity last week when it was found to be vulnerable to camjacking - i.e., clickjacking aimed at taking over a webcam.

The exploit, as carried out by habrahabr, involved Chrome and its implementation of Flash (which predates a 2011 fix).

Google says that the new malware scan in the Chrome Web Store won't require any action on the part of developers.

After publishing an item in the store, the developer dashboard will let developers know that it's in the process of being published, and developers can cancel at any point during the scan if they want to tweak the item.

Smartphone malware. Image courtesy of ShutterstockThe malware scan is a logical next step to follow a number of changes Google recently made to its Android Play Store ecosystem.

To wit: in April, Google instituted an official policy on sneaky "off-market" updates in the Android Play Store, which in turn came on top of putting a rudimentary antivirus in place within the OS and a ban on ad blockers.

Scanning apps for malware is yet another smart move to keep things safe for users and developers, as Google is happy to point out:

We’re always looking for ways to increase the security for our users and developers, because a trusted platform becomes more widely adopted.

Images of virus cartoon and smartphone malware courtesy of Shutterstock.

, , , , , ,

You might like

3 Responses to Google scans Chrome Web Store submissions for malware

  1. gigi · 834 days ago

    Can't google chrome also rectify the incessant crashing that happens with shockwave flash?

  2. Nigel · 834 days ago

    I'm gobsmacked to discover that Google wasn't already scanning submissions for malware!

  3. Raymond Unan · 810 days ago

    how long this temporarily malware will finish my facebook accounts has been locked...what should i do...

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.