fbpx

#Security

Google disables around 200 bad Chrome browser extensions

By  | 

Google has weeded out around 200 Chrome browser extensions in an attempt to save its users from unwanted ad injectors.

Ad injectors are programs that plug into the Google Chrome browser and inject adverts and redirection scripts onto websites. Sometime they even result in security risks for users.

According to a study conducted by company’s security analysts with researchers at University of California Berkeley, 34 per cent of Chrome extensions that inject ads have been classified as ‘outright malware’. As per the report, over 5 per cent of users visiting Google sites have at least one ad injector installed, half of those people had at least two injectors, and a third had at least four installed.

The study is based on conclusions from more than 100 million pageviews of Google sites across Chrome, Firefox, and Internet Explorer on various operating systems.

Explaining how ad injectors can cause problems for users, Google software Engineer Nav Jagpal wote in a blog post that “Ad injectors are programs that insert new ads, or replace existing ones, into the pages you visit while browsing the web. We’ve received more than 100,000 complaints from Chrome users about ad injection since the beginning of 2015—more than network errors, performance problems, or any other issue.”

“Unwanted ad injectors aren’t part of a healthy ads ecosystem. They’re part of an environment where bad practices hurt users, advertisers, and publishers alike.”

“People don’t like ad injectors for several reasons: not only are they intrusive, but people are often tricked into installing ad injectors in the first place, via deceptive advertising, or software “bundles.” Ad injection can also be a security risk, as the recent “Superfish” incident showed.”

Jagpal noted that ad injectors are even problematic for advertisers and publishers as advertisers often don’t know their ads are being injected, which means they don’t have any idea where their ads are running, while publishers, meanwhile, aren’t being compensated for these ads, and more importantly, they unknowingly may be putting their visitors in harm’s way, via spam or malware in the injected ads.

“In Chrome, any extension hosted in the Chrome Web Store must comply with the Developer Program Policies. These require that extensions have a narrow and easy-to-understand purpose. We don’t ban injectors altogether—if they want to, people can still choose to install injectors that clearly disclose what they do—but injectors that sneak ads into a user’s browser would certainly violate our policies.” he added.

Google has confirmed that all of the 192 deceptive Chrome extensions that affected 14 million users have been disabled.