Spam-Infested Chrome Extensions Removed From Chrome
January 21, 2014

Google Removes Two Ad-Spam Chrome Extensions

Enid Burns for - Your Universe Online

Google has taken action against two Chrome browser extensions that it found to be serving ads in a way that goes against Google's terms of service. The move was in response to user complaints, though it caused a great deal of discussion over the weekend.

"Internet message boards were abuzz this weekend over the two extensions — 'Add to Feedly' and 'Tweet This Page' — each of which had fewer than 100,000 users. In both cases, people described how the extensions were silently updated to include code that served undesirable ads. One user review for 'Add to Feedly' called the extension 'spam' that caused ads to suddenly pop up on any website visited," the Wall Street Journal reports.

The extensions are add-on code from independent developers that allow users to complete certain actions. For instance, the "Tweet This Page" extension allows users to click a button in the browser to tweet the headline and URL of the page that the user is on with minimal clicks.

Google updated its Chrome Web Store Policy in December to ensure that extensions adhere to Google's core principles for Chrome. "Extensions in the Chrome Web Store must have a single purpose that is narrow and easy-to-understand. While this has always been the intent of the Chrome extension system, not all extensions have lived up to this ideal," it said in the blog post describing the changes. "These multi-purpose extensions can crowd your browser UI and slow down your web browsing - sometimes significantly."

Chrome is updated by Google, which occurs in the background and often without a user being aware of the update. Extensions also receive updates in a similar manner, reports Ars Technica. The system helps Chrome run smoothly, but has a potential to create problems.

"To make matters worse, ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens. Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome's update service, which sends the adware out to every user of that extension," Ars Technica's Ron Amadeo wrote.

When such a transfer occurs, the blame often falls on Google even though it is not explicitly responsible. Ars Technica learned that Google plans to change Chrome's extension policy in June. The new policy will require extensions to serve a single purpose, which is a stated mission from Google.

The "Add to Feedly" extension was recently acquired. "The uproar this weekend started when Amit Agrawal, the developer of 'Add to Feedly,'described on his website how he sold the extension to an unknown buyer for a small sum. He said the new owner added code that injected invasive advertising on users," the Wall Street Journal said.

Ars Technica also reported that the "Tweet This Page" had been recently purchased, and its purpose changed to insert ads.