Chrome Extensions and Malware
Lately, there’s been a bit of a buzz surrounding Google’s Chrome browser and it’s browser add-ons also referred to as plugins or extensions. Recently several articles have surfaced with talk of how Chrome extensions are being sold to Adware vendors. These vendors then have the power to send adware filled updates directly to your computer without you ever knowing it until it’s too late. Not good, not good at all. This is a problem because these Adware vendors can then inject spyware and adware into the extensions without your knowledge.
Chrome is a popular browser. I use it every day. According the the latest report at W3counter.com, Chrome now accounts for approximately 36% of the browser market share. It’s fast, light and has quickly become a favorite of many Internet surfers around the world. It’s ironic that arguably one of the more endeared features of Chrome, it’s browser extensions, is now being exploited for bad. There are tons of Chrome extensions available that have been created by innovative and talented developers. These extensions can be anything from a simple game like “Cut the Rope” to a weather plugin. They are downloaded from the Google Chrome store which lends some credibility to them, right? Google wouldn’t harbor malicious extension in their own store, would they? No they would not. Unfortunately, what Google can’t control is the sale of these extensions by the original developers to the highest Adware vendor bidder. Once this happens, these vendors can push out updates that will track your movements and/or display ads anywhere and everywhere you go on the Internet to tens of thousands of innocent folks surfing the web. This is done quickly and without YOU knowing.
You might be wondering how this can be. It’s because Chrome is automatically updated which, normally, is a nice thing. Google also allows the extension developers to update their plugins which are automatically pushed down to your computer. This is all fine and dandy in a perfect Internet world where no malware, spyware and adware exist. But unfortunately, the Internet is not perfect. Many millions of Internet users won’t have any clue what hit them. Many of them don’t even know what an extension is and how it works. In Google’s defense, they are taking measures to deal with this latest concern.
In the meantime, it is imperative that all users of Chrome analyze every single Chrome extension they have installed and remove any that are not owned by Google or another reputable company who would never sell to an Adware vendor. I have done this to all computers in my home and have recommended this to my co-workers, friends and family. Below are detailed instructions on how to remove extensions from the Google Chrome browser.
Open Chrome, select the customize button located at the upper right corner of the browser.
Select Remove or at the very least, uncheck the Enable check box to disable the extension.
Confirm the removal of the plugin by selecting Remove.
If you get a chance, read this great post on browser extension spying by How-to-Geek. It is well written and an eye opener.