Google removed two Chrome browser extensions from its web store after it was discovered the software included code that served people ads in a way that violated the company’s terms of service, reports WJS. Internet message boards were abuzz this weekend over the two extensions — “Add to Feedly” and “Tweet This Page” — each of which had fewer than 100,000 users. In both cases, people described how the extensions were silently updated to include code that served undesirable ads.
One user review for “Add to Feedly” called the extension “spam” that caused ads to suddenly pop up on any website visited.
Extensions are small bits of code that alter a browser by adding new features or removing others. AdBlock, for example, is a popular extension that automatically blocks advertising on websites.
Google updated its policies in December to prevent software developers from using extensions to insert advertising on more than one part of a page. A form of malware called adware injects ads on multiple spots of a web page, including places ads don’t normally exist, for example on Google’s sparse home page. Google says extensions must have “a single purpose,” and be “narrow and easy-to-understand.”
While “Add to Feedly” and “Tweet This Page” had small numbers of users, their kind of situation could be more pervasive: The owners of far more popular extensions say they have been offered money to incorporate ad code into their extensions.
People who install extensions might not be aware that the software can be silently updated to include code that serves ads or reports back browsing habits. Google doesn’t review changes to the code of Chrome extensions, and Chrome allows extensions to be updated and pushed to users’ computers automatically.
The practice likely isn’t limited to Google’s Chrome browser. A year ago, Martin Brinkmann, writing on Ghacks.net, pointed to an extension for the Firefox browser called “Autocopy” that had been purchased by Wips.com. Brinkmann said the company then added software that tracked users’ browsing habits.
Wips didn’t respond to an email seeking comment. Mozilla, which operates the Firefox browser, didn’t immediately comment on how code may be added to extensions in Firefox.