Two Google Chrome Web browser extensions that were recently converted into malicious ad distributors by new owners have been removed by Google from the Play store app galleries.
The two extensions were removed from the Play store “after they began delivering malware to their users,” the story reported. “The malicious ads began displaying after the extensions were purchased from their original developers.”
The extensions, called Add to Feedly and Tweet This Page, were recently changed by their new owners, who “took advantage of a Chrome feature that allows developers to update their extensions without notifying users,” the story reported. That allowed the updates to add malware ads to the extensions, according to the story.
Google does not permit app developers to say their apps will do one thing and then deliver a different user experience, according to its user policies. The use policies state that apps that violate those terms will be deleted from the Play store. Google encourages users to flag and report such apps so that they can be removed.
Amit Agarwal, the original developer of the Add to Feedly extension, wrote a Jan. 16 blog post on his own Website explaining how the problem had surfaced.
“I sold one of my Chrome extensions to an unknown developer for a 4-figure deal,” he wrote, but that move led to the new owner changing its code and not advising existing users. “A month later, the new owners of the Feedly extension pushed an update to the Chrome store. No, the update didn’t bring any new features to the table nor contained any bug fixes. Instead, they incorporated advertising into the extension.”
The problems with the changes were jarring for many users, Agarwal wrote. “These aren’t regular banner ads that you see on web pages, these are invisible ads that work the background and replace links on every website that you visit into affiliate links. In simple English, if the extension is activated in Chrome, it will inject adware into all web pages.”
The modified extension “does offer an option to opt-out of advertising (you are opted-in by default) or you can disable them on your own by blocking the superfish.com and www.superfish.com domains in your hosts file but quietly sneaking ads doesn’t sound like the most ethical way to monetize a product,” wrote Agarwal. “It was probably a bad idea to sell the Chrome add-on and I am sorry if you were an existing user. Meanwhile, you can switch to the Feedly bookmarklet for the adware-free experience.”
Earlier in January, Google released the Chrome Version 32 Web browser to the stable channel for users. The new release includes indicators on the browser tabs so that users can quickly find tabs that may be running audio sound clips, Webcams or Webcasts, which can be distracting. Also included in the latest browser is a different look for Windows 8’s Metro mode, as well as the automatic blocking of malware files. The feature that will let users shut down tabs that have unwanted audio files was introduced in November 2013 as a beta feature and is now being integrated as a standard feature. Users can visually scan their browser tabs to find the noisy, offending tab so that it can be quickly closed.
Eleven security fixes are also built in, including four high-threat issues and one medium-threat issue. Several known issues remain, including keyboard input problems in Windows 8 Metro mode, while dragging and dropping files into Chrome may not work properly.
In September 2013, the Chrome browser celebrated its fifth birthday. Launched in 2008 as a desktop or laptop application, Chrome today is widely used as a mobile browser on many different devices by users to browse the Web and conduct searches whether they are at home, at work, traveling or vacationing.
Chrome has had quite a ride since its birth. In June 2012, it surpassed Microsoft’s Internet Explorer as the world’s most used browser for the first time, and it added lots of useful features over the years to encourage even more users to adopt it.