Google Chrome Extensions can silently install adware, spyware, and malware

Saturday, January 18, 2014
By OP Editor

Google’s openness wins again! Malware makers are now buying up Google Chrome extensions and pushing disruptive malware and adware onto unsuspecting Google users.

If you use Google Chrome browser or Chromebook, and starting to get intrusive ads and redirects, this might be the problem. Arstechnica article by Ron Amadeo described how he suffered from the Google Chrome Extension ad injection problem and how Google allows it to happen:

“Ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens. Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome’s update service, which sends the adware out to every user of that extension.”

Google Chrome Extension adware

There’s little the general user can do. Even tech savvy folks are having a hard time diagnosing the Chrome extension adware problem, as they can reinstall themselves through Chrome Sync if not completely removed from all devices.

“What can users do to protect themselves? It’s very hard to keep yourself in the loop with Chrome extension updates. Extensions usually don’t have changelogs, and there is currently no way to disable extension auto-updating.

[…] while it’s extremely easy for a novice user to install an extension, it’s nearly impossible for them to diagnose and remove an extension that has turned sour, and Chrome Sync will make sure that extension hangs around on all their devices for a long time.”

Google not only push the adware to Chrome browser users on computers, it also affects Chromebook users. Chrome browser on iOS does not seem to be not affected by this problem.

And the worst thing? Attempts to ask Google, an ad company, to block ads ends in failure. As of now, Google explicitly allows the adware injection as long as developer disclosed the ads (probably buried in a long TOS). What a joke.

This ADmented reality Google Glass parody might come true after all.


Related Posts

  1. Malware Android apps from Google Play infects Windows PCs: #thenextbigthing
  2. Google Chrome Browser for Mac, Stop Motion Video
  3. Google Chrome = New Microsoft Windows?
  4. Google Chrome Openness Fail: Drops H.264, Promotes Flash & WebM
  5. Apple Security Update Adds Daily Check of Malicious Software + Removes MACDefender Trojan Malware

Tags: Fail, Google, Security

Site Search

iPad Air 2 Case

Popular Tags