This latest tactic was recently discovered by security researcher Wladimir Palant, who detailed hisfindingsin an eye-opening post.
Upon investigating, he uncovered a clever manipulation campaign actively pushing users to install low-quality or even malicious code.
The core issue identified by Palant lies in how the Chrome Web Store manages translations and related metadata.
This allows them to “sacrifice” descriptions in less popular languages by embedding them with keyword-packed text.
Palant identified 920 Chrome extensions exploiting this malicious technique to manipulate CWS search results.
Either Google isn’t looking, or they don’t care at all, Palant said.
