Skip to comments.Adware vendors buy Chrome Extensions to send ad- and malware-filled updates
Posted on 01/20/2014 9:57:14 AM PST by Utilizer
...ownership of a Chrome extension can be transferred to another party, and the new owners can issue an ad-filled update over Chrome's update service, which sends the adware out to every user of that extension.
Do Firefox/IE add-ons have the same vulnerabilities?
Not so far, from what I read at the ars technica site. Only Chrome. However, that may simply mean that none has yet been discovered on the other browsers so I thought this important enough to make others aware and begin checking their own extensions for possible similarities.
From the article:
Update: Google got back to us, and stated that Chrome’s extension policy is due to change in June 2014. The new policy will require extensions to serve a single purpose.
Yes, read that. However, that does nothing to solve the immediate problem nor does their statement mention that they will remove the offending extensions or even notify users of the problems.
Ping. Noticed you had a problem with Chrome recently...
Who uses Chrome, or allows extensions on their computer?
What you say makes sense and it’s clear they’re doing nothing between now and June.
I’m a bit of a novice at this sort of thing. I run Chrome on this PC I’m using now and also it’s pretty much built in to my Dell Venue 7” tablet.
I am relatively confident that my PC is OK, but I wonder about the tablet. I havn’t noticed anything particular but I also havn’t installed any security apps on the tablet either. I’ve only had it a few months. I’ve read pros and cons about the tablet apps and havn’t come to any conclusion.
Do you know anything about tablet security?
There are some, actually, and extensions (also called add-ons) are parts of many web browsers. Two I use quite extensively are the extensions AdBlocker and Ghostery and find them quite handy. I have also tried Chrome and did not think much of it, although it comes as a default browser on some Linux distros.
Ping. You might find this interesting...
You are most welcome.
Not enough to even offer advice, I am afraid. Most of the work I do is on desktop computers and usually involves updates and resolving crash issues, generally to the re-install level if necessary to get rid of malware.
So they buy a legitimate app or extension and spread their disease that way?
Chrome has its own OS and Android is theirs too I think. They have a lot more games/apps apparently than Linux.
Not that it matters to me.
Chromium is a stripped down version of Chrome I think
According to the ars technica article, yes some people have done so through the Chrome extensions and people were not aware that this was happening or that the extensions were the reason why problems were appearing.
Those extensions have now been pulled. http://news.cnet.com/8301-1023_3-57617467-93/google-discards-extensions-that-force-feed-users-ads-in-chrome/
Thanks for the link! That was very informative, and identified at least two of the extensions that were causing problems. Users need to be aware of the dangers still, so the more people are informed about this the better, and also be aware that this could be a potential problem in the future as well.
And this, my friends, is why I tell everyone “NOT” to download “Chrome”.
It doesn’t affect download speeds in any way that a user would notice and if they do notice they have never the less down loaded “Corporate Malware”.
I disagree, but I don’t have 100 extensions like many others either. I did use Firefox but that memory hole that used up CPU’s never got fixed and Chrome is much faster since I started using it last year.
Chrome sucks because you cannot turn off the automatic updates.
I use Chrome (as well as IE). I’m a web developer.
With Chrome I use 3 extensions, AdBlock (it would be ironic if they sell to an adware group), Web Developer, and ColorZilla (for picking color ids).
Is it demosntrably faster than using a regular brower would be the question and I would argue “Not to the human experience”.
Thanks for your reply. I’ll keep on reading up on tablet security.
The dam thing is couched with the repeated Flash updates, so a user needs to slow down on this install, otherwise Chrome gets quietly installed.
Since firefox was nuking my whole computer and dragging everything down to a crawl, I’d say yeah it is much faster. The browser may not be so much faster but my computer certainly is now.
Oh your computer is faster now.
Seen that a lot.
What anti virus were you running when you made. the change and then noticed?
I have found AVG to compete horribly with web browsers and certain extensions.
The problem was not anti virus but Firefox using 80% of my CPU
Actually, Firefox may be at risk. Extensions, by their very nature, use Chrome as an executable mechanism. If you ever go to configure one of your extension in Firefox, for instance, you may notice the URL line starts with chrome:\\
Better safe than sorry.
Thanks for the tip. I use AdBlocker and Ghostery primarily, with only an occasional video downloader extension on FireFox but I should probably take a closer look at the last one and of course any newer ones to make certain this problem does no crop up in the future.
Being primarily a Firefox user, I am aware of several extensions, add-ons that were found to infect your computer with adware, malware. It’s not neccesssarily a Chromr issue.