Beware of Google Chrome browser extensions that inject ads and links

Here is something that is unsettling to me. You think Google, you think secure. Right? You think that multiple people complaining about adware/ad injection from an extension on the Chrome Web Store might have an effect. As in, how many reports of this behavior need to be made before something is done about it? I see months of comments from users about seeing ads injected where there shouldn’t be ads, and that the culprit is indeed one specific extension.

I’ll be completely honest. Am I expecting extensions or addons to be adware or malicious in any way especially when the company allowing the activity is Google? Most certainly not. I have indeed had my eyes opened and if you are using extensions in Chrome then I suggest you pause and rethink this.

I am mainly a Firefox user these days. I can’t speak to other browsers that have addons or extensions that expand the usability of those browsers, but the quality control must be suspect across the board. After all, if Google Chrome has this activity occurring then I don’t see how anyone else could be immune. I don’t think this is a Google Chrome problem, but it’s a problem with letting random people create programs that you run on your computer that are not properly screened.

What’s troubling is that Norton 360 didn’t see anything wrong. I have no indicators at all about there being something fishy going on. It would appear that this method of injecting links/ads into a browser is a new frontier of sorts. Troubleshooting for me wasn’t too bad but that’s only because I’m fairly well versed in this type of situation. I also didn’t have that many extensions in Google Chrome which did help.

I won’t say on a scale of 1 to 10 how malicious this ad injection was that I dealt with. I think the fact that somebody is on my computer without me authorizing it is the most troubling part. In a sense I should be grateful for this experience because now I’m a whole lot wiser about extensions and addons. It will likely take something malicious before more is done to fix this gaping hole in browser security.

In a way this comes full circle for me. Firefox made me angry when they disabled all addons unless the authors would submit them again, through a different system of authorizing their use. If the addons are not updated, they are disabled, and they were disabled, to my frustration. Now it looks like I was wrong. It does appear that Firefox was being proactive and that they actually knew the risks associated with older or less scrutinized addons from before. They, in a sense, closed the hole and put the onus on the addon developer to decide whether they wanted to get it updated so it can be run on Firefox and not disabled. Given my experience with Google Chrome and an ad-injecting extension today, I actually commend Firefox for getting ahead of this thing.

So take my story, and hopefully be wiser about extensions and addons. Trust me when I say it’s a bad feeling to see something injected onto your screen and then try to figure out what it is and how it got there.

I should mention how this happened. I was working on a website of mine and noticed a link on the word “shopping”. This link should not have been there! I know my site and I did not create a link for the word “shopping” in that spot. Looking at the link, it was to an eBay store. eBay store link? Did I install an eBay extension? Nope. I looked into this and noticed it was only a Google Chrome issue. That is when I was able to figure this out. What is also quite troubling is that there are not a lot of resources or links when you are searching Google for answers on what this is all about. This is why I’m suggesting this ad-injecting technique is a bit new and that a lot of users are unaware that they are clicking ads or seeing pop ups because of some extension or addon they have innocently added to their browser.

Be careful out there folks!
