You may not know it right now, but there is a probability that a Chrome extension you are using right now is injecting advertisements into sites that you visit without your knowledge. They pick the type of advertisement based on the formatting on the site, and then they use data they took from you to target the ad to something that appeals to you. If you think that such a thing will not harm you, consider the fact that these extensions are walking a fine line between adware and malware that you do not want to get caught inside of.
A report from Ars Technica has revealed that Chrome’s automatic updates also include extensions. By extension (pun intended), that will also update any code from developers that want to harm your system and use your data in ways that could cause you some harm. These aren’t the typical bad guys, either. Lots of very sterling-quality extensions have been taken over by developers that know how to “game” the automatic updating system to slowly and surely transform something that enhanced your browsing experience into something that makes it into a nightmare.
Aside from spamming the sites you visit with advertisements, they can also sign you up for newsletters and mailing lists without your consent. Your inbox will be much more loaded with spam than in the past.
After reports have demonstrated that millions of Chrome users are browsing the web with malicious extensions that can steal login details and other valuable information, Google has decided to conduct a purge. In one instance, a browser extension called “Webpage Screenshot” had code that would get data from all of the user’s traffic on their PC.
The purge by Google has removed almost 200 extensions that have affected a grand total of around 14 million users after receiving more than a hundred thousand complaints about ad injecting software. There’s no news or commentary demonstrating that this is the end of it, though. There could still be many extensions out there that have malicious code.
Although Google is actively working to ensure that Chrome users have a malware-free browsing experience, it cannot do all of the legwork. You will have to also fight the battle!
Here’s What You Can Do
Go to your extensions area under “Settings” right now and have a look at every single extension you have installed. Click on “Details”, then click on “View in store”. Check the “Reviews” area. If there are multiple complaints about this software injecting ads, or doing any other malicious activity, uninstall it. That’s the easiest way you can vet your own extensions.
In addition to this, you may want to install ExtShield (now called Shield for Chrome), which notifies you of any extensions that may be guilty of wrongdoing, then prompts you to uninstall them.
As consumers of web content and browsers, we must do our part to ensure that we don’t get caught in a web of malware! Similarly, we must also do this for others. Spread the word about bad extensions and their solution by sharing this!
If you have any more thoughts to add, please leave a comment so we can amplify the discussion.