Skip to comments.Adware vendors buy Chrome Extensions to send ad- and malware-filled updates
Posted on 01/20/2014 9:57:14 AM PST by Utilizer
...ownership of a Chrome extension can be transferred to another party, and the new owners can issue an ad-filled update over Chrome's update service, which sends the adware out to every user of that extension.
Do Firefox/IE add-ons have the same vulnerabilities?
Not so far, from what I read at the ars technica site. Only Chrome. However, that may simply mean that none has yet been discovered on the other browsers so I thought this important enough to make others aware and begin checking their own extensions for possible similarities.
From the article:
Update: Google got back to us, and stated that Chrome’s extension policy is due to change in June 2014. The new policy will require extensions to serve a single purpose.
Yes, read that. However, that does nothing to solve the immediate problem nor does their statement mention that they will remove the offending extensions or even notify users of the problems.
Ping. Noticed you had a problem with Chrome recently...
Who uses Chrome, or allows extensions on their computer?
What you say makes sense and it’s clear they’re doing nothing between now and June.
I’m a bit of a novice at this sort of thing. I run Chrome on this PC I’m using now and also it’s pretty much built in to my Dell Venue 7” tablet.
I am relatively confident that my PC is OK, but I wonder about the tablet. I havn’t noticed anything particular but I also havn’t installed any security apps on the tablet either. I’ve only had it a few months. I’ve read pros and cons about the tablet apps and havn’t come to any conclusion.
Do you know anything about tablet security?
There are some, actually, and extensions (also called add-ons) are parts of many web browsers. Two I use quite extensively are the extensions AdBlocker and Ghostery and find them quite handy. I have also tried Chrome and did not think much of it, although it comes as a default browser on some Linux distros.
Ping. You might find this interesting...
You are most welcome.
Not enough to even offer advice, I am afraid. Most of the work I do is on desktop computers and usually involves updates and resolving crash issues, generally to the re-install level if necessary to get rid of malware.
So they buy a legitimate app or extension and spread their disease that way?
Chrome has its own OS and Android is theirs too I think. They have a lot more games/apps apparently than Linux.
Not that it matters to me.
Chromium is a stripped down version of Chrome I think
According to the ars technica article, yes some people have done so through the Chrome extensions and people were not aware that this was happening or that the extensions were the reason why problems were appearing.
Those extensions have now been pulled. http://news.cnet.com/8301-1023_3-57617467-93/google-discards-extensions-that-force-feed-users-ads-in-chrome/
Thanks for the link! That was very informative, and identified at least two of the extensions that were causing problems. Users need to be aware of the dangers still, so the more people are informed about this the better, and also be aware that this could be a potential problem in the future as well.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.