What’s Happening?

A report from Ars Technica has revealed that Chrome’s automatic updates also include extensions. By extension (pun intended), that will also update any code from developers that want to harm your system and use your data in ways that could cause you some harm. These aren’t the typical bad guys, either. Lots of very sterling-quality extensions have been taken over by developers that know how to “game” the automatic updating system to slowly and surely transform something that enhanced your browsing experience into something that makes it into a nightmare. Aside from spamming the sites you visit with advertisements, they can also sign you up for newsletters and mailing lists without your consent. Your inbox will be much more loaded with spam than in the past.

Google Responds

After reports have demonstrated that millions of Chrome users are browsing the web with malicious extensions that can steal login details and other valuable information, Google has decided to conduct a purge. In one instance, a browser extension called “Webpage Screenshot” had code that would get data from all of the user’s traffic on their PC. The purge by Google has removed almost 200 extensions that have affected a grand total of around 14 million users after receiving more than a hundred thousand complaints about ad injecting software. There’s no news or commentary demonstrating that this is the end of it, though. There could still be many extensions out there that have malicious code. Although Google is actively working to ensure that Chrome users have a malware-free browsing experience, it cannot do all of the legwork. You will have to also fight the battle!

Here’s What You Can Do

Go to your extensions area under “Settings” right now and have a look at every single extension you have installed. Click on “Details”, then click on “View in store”. Check the “Reviews” area. If there are multiple complaints about this software injecting ads, or doing any other malicious activity, uninstall it. That’s the easiest way you can vet your own extensions. In addition to this, you may want to install ExtShield (now called Shield for Chrome), which notifies you of any extensions that may be guilty of wrongdoing, then prompts you to uninstall them.

Conclusion

As consumers of web content and browsers, we must do our part to ensure that we don’t get caught in a web of malware! Similarly, we must also do this for others. Spread the word about bad extensions and their solution by sharing this! If you have any more thoughts to add, please leave a comment so we can amplify the discussion.