Google has been recently removing Chrome extensions published on the Chrome Web Store that inject advertisements into the browser without previously informing the user. All extensions published on the Chrome Web Store must adhere to the Developer Program Policies, requiring that extensions may show advertisements only if:
- This behavior is clearly disclosed to the user.
- There is clear attribution of the ads’ source wherever those ads appear.
- The ads do not interfere with any native ads or functionality of the website.
- The ads do not mimic or impersonate the native ads or content on the third-party website, and the ads adhere to the content policy on impersonation and deceptive behavior
(Chrome Developer Program Policies)
A Google Online Security Blog post on March 31, 2015 revealed that, “Researchers found 192 deceptive Chrome extensions that affected 14 million users; these have since been disabled.” Additionally, “Thirty-four percent of Chrome extensions injecting ads were classified as outright malware.”
While it is commendable that Google is taking a very proactive approach to eliminating deceptive or malicious software extensions for its Chrome browser, there are numerous other ways that ad injecting programs can install on a computer apart from browser extensions.
Adware can be bundled with other types of downloaded and installed software programs, or malicious software can be injected into a machine via a security vulnerability in the operating system, web browser or component that accesses the web such as Adobe Flash Player or Java Runtime Environment.
For more details about Google’s efforts and the problem of undesirable Adware software, check out article Google cracks down on ad-injecting Chrome extensions, by Lucian Constantin featured in PC World.
For more information about malware threats in general and some practical steps you can take to help prevent them, check out my article on Tips For Preventing Malware Infection.