Malware vendors buy Chrome Extensions to send adware-filled updates

One of the coolest things about Chrome is the silent, automatic updates that ensure users are always running the latest version. While Chrome itself is updated automatically by Google, that update process also includes Chrome’s extensions, which are updated by the extension owners. This means that it’s up to the user to decide if the owner of an extension is trustworthy or not, since you are basically giving them permission to push new code out to your browser whenever they feel like it.

To make matters worse, ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens. Malware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome’s update service, which sends the adware out to every user of that extension.

We ought to clarify here that Google isn’t explicitly responsible for such unwanted adware, but malware vendors are exploiting Google’s extension system to create a subpar—and possibly dangerous—browsing experience. Ars has contacted Google for comment, but we haven’t heard back yet. We’ll update this article if we do.
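A user is never told about an ownership transfer, but the update that follows it is visible on disk. The script below is an added example, not code from the article or from Chrome: it snapshots each installed extension's version and requested access, then reports what a later update gained. It assumes the profile's Extensions directory is laid out as `<extension id>/<version>_0/manifest.json`; the extension id and manifests in `demo()` are constructed.

```python
import json
import tempfile
from pathlib import Path

def version_key(dirname):
    # Version directories look like "1.4.0_0"; compare the dotted part numerically.
    return [int(p) for p in dirname.split("_")[0].split(".") if p.isdigit()]

def snapshot(ext_root):
    """Map extension id -> version and requested access of the newest copy on disk."""
    snap = {}
    for ext_dir in sorted(p for p in Path(ext_root).iterdir() if p.is_dir()):
        versions = [d for d in ext_dir.iterdir() if (d / "manifest.json").is_file()]
        if not versions:
            continue
        newest = max(versions, key=lambda d: version_key(d.name))
        try:
            m = json.loads((newest / "manifest.json").read_text(encoding="utf-8-sig"))
        except ValueError:
            continue  # unparseable manifest: skipped here, worth a manual look
        grants = {p for p in m.get("permissions", []) + m.get("host_permissions", [])
                  if isinstance(p, str)}
        for script in m.get("content_scripts", []):
            grants |= {"content_script:" + pat for pat in script.get("matches", [])}
        snap[ext_dir.name] = {"version": str(m.get("version", "")), "grants": sorted(grants)}
    return snap

def diff_snapshots(old, new):
    """List extensions whose version changed, with the access each one gained."""
    findings = []
    for ext_id, cur in sorted(new.items()):
        prev = old.get(ext_id)
        if prev and prev["version"] != cur["version"]:
            gained = sorted(set(cur["grants"]) - set(prev["grants"]))
            findings.append((ext_id, prev["version"], cur["version"], gained))
    return findings

def demo():
    # Constructed sample: one made-up extension id, before and after a silent update.
    def write(root, version, manifest):
        d = Path(root) / "aaaabbbbccccddddeeeeffffgggghhhh" / (version + "_0")
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    with tempfile.TemporaryDirectory() as root:
        write(root, "1.4.0", {"version": "1.4.0", "permissions": ["storage"]})
        before = snapshot(root)
        write(root, "1.5.0", {"version": "1.5.0", "permissions": ["storage", "tabs"],
              "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]})
        return diff_snapshots(before, snapshot(root))
```

Stored snapshots from a scheduled run give a record of when each extension changed; an update that gains `tabs` or an all-URLs content script is the kind of change to review before trusting the new version.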


via Ars Technica http://ift.tt/1misSOZ
