How extensions trick CWS search | Almost Secure
A few months ago, I searched for “Norton Password Manager” in Chrome Web Store and was surprised to see lots of seemingly unrelated results. The actual Norton Password Manager was listed last in the search results. Today, the search results remain similar, but Norton Password Manager has moved to the top of the list.
A Closer Look at Chrome Web Store Search Results
I was puzzled by how Google's search results could be so off-track. I even took to Mastodon to express my confusion. It turns out that the Chrome Web Store search index is shared across all languages, allowing for some interesting manipulations by extension authors.
Extension authors have discovered that they can improve their search rankings by stuffing their descriptions with relevant keywords in less popular languages. By doing this, extensions start showing up for these keywords even in the English version of the Chrome Web Store.
Localized Descriptions and Manipulating Search Results
Chrome Web Store supports translations for extension names, short descriptions, and even the extension's user interface. Some developers have taken advantage of this by targeting specific languages to boost their visibility in search results.
After analyzing extension manifests on a GitHub repository, it became evident that many extensions were using this tactic to manipulate search rankings.
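One way to check an unpacked extension for this pattern, as an added example that is not from the original post: it resolves the localized name and short description for every locale and reports watched terms that appear only outside the default locale. The function names, the watchlist and the sample data are assumptions made for illustration; `LOCALES` stands in for the parsed `_locales/<locale>/messages.json` files.

```python
import re

MSG_REF = re.compile(r"^__MSG_(\w+)__$")

def resolve(value, messages, fallback):
    """Resolve a manifest field such as "__MSG_extName__" for one locale."""
    ref = MSG_REF.match(value)
    if not ref:
        return value  # literal string, identical in every locale
    key = ref.group(1).lower()  # message names are case-insensitive
    for table in (messages, fallback):  # missing keys fall back to default_locale
        lowered = {k.lower(): v for k, v in table.items()}
        if key in lowered:
            return lowered[key].get("message", "")
    return ""

def listing_tokens(manifest, messages, fallback):
    """Lower-cased word tokens of the localized name and short description."""
    text = " ".join(resolve(manifest.get(f, ""), messages, fallback)
                    for f in ("name", "description"))
    return set(re.findall(r"\w+", text.lower()))

def stuffed_locales(manifest, locales, watchlist):
    """Map locale -> watched terms present there but absent from the default locale."""
    default = locales[manifest["default_locale"]]
    base = listing_tokens(manifest, default, default)
    watched = {w.lower() for w in watchlist}
    findings = {}
    for locale, messages in locales.items():
        extra = (listing_tokens(manifest, messages, default) - base) & watched
        if extra:
            findings[locale] = sorted(extra)
    return findings

# Constructed sample data, not taken from any real extension.
MANIFEST = {"default_locale": "en", "name": "__MSG_extName__",
            "description": "__MSG_extDesc__"}
LOCALES = {
    "en": {"extName": {"message": "Dark Theme Switcher"},
           "extDesc": {"message": "Toggle a dark theme on any page."}},
    "de": {"extName": {"message": "Dunkles Design"},
           "extDesc": {"message": "Dunkles Design auf jeder Seite umschalten."}},
    "fr": {"extName": {"message": "Thème sombre"}},  # no extDesc: falls back to en
    "sw": {"extName": {"message": "Dark Theme Switcher"},
           "extDesc": {"message": "norton password manager vpn video downloader"}},
}

if __name__ == "__main__":
    print(stuffed_locales(MANIFEST, LOCALES, ["Norton", "password"]))
```

A genuine translation such as the constructed `de` entry produces no finding, because the check only reports watched brand or product terms that the default-locale listing does not contain.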
Uncovering Suspicious Extension Clusters
Further investigation revealed clusters of extensions engaging in deceptive practices to enhance their search visibility. These extensions were found to spy on users, commit affiliate fraud, inject ads into web pages, and even hijack search queries for monetization purposes.
While efforts have been made to report and remove these malicious extensions, some developers continue to find ways to exploit the system. It's essential for users to remain cautious and avoid downloading extensions from untrustworthy sources.
The Complex Web of Extension Clusters
Several extension clusters, operated by various groups of developers, have been identified for using manipulative tactics to improve their rankings in the Chrome Web Store. These clusters range from influencing search results with keyword stuffing to engaging in more malicious activities such as search hijacking.