Google pulls Chrome Web Developer extension over ad-injecting

Martin Brinkmann
Aug 2, 2017
Updated • Aug 2, 2017
Google Chrome
|
7

Google just pulled another Chrome extension from the official Chrome web store after it found out that the extension started to inject advertisement into sites user visited in the web browser.

A 404 not found error is displayed when you open the Chrome web store presence of the Web Developer extension right now.

The extension had a rating of 4.5 stars (out of five), and more than 3000 user ratings before it was pulled from the store.

Update: The page is online again. The developer stated that the account was compromised and that a bad version of the extension with the ad-injecting code was uploaded. He uploaded a new clean version, version 0.5, and the addon is now reinstated.

The description of the extension read:

Adds a toolbar button with various web developer tools. The official port of the Web Developer extension for Firefox.

Web Developer is a popular add-on for the Firefox that has nearly 300000 users and a five star rating on the Mozilla Add-ons website.

The last updates of the Chrome version of the extension date back to February. Considering this, it is possible that the extension was hijacked by a third-party and modified in the process to display advertisement on websites in Chrome.

While Google blocked the installation of the extension by deleting it from the Chrome Web Store, users who have installed the extension already are still exposed to the issue.

It is recommended to remove the Web Developer extension for Chrome immediately, or at least disable it, to avoid this issue.

Please note that the circumstances are still unclear right now. If you want to be on the safe side, it is suggested to remove the browser extension from Google Chrome.

Neither the Firefox nor the Opera extension appear to have been hijacked. The last Firefox update dates back to April 2017 on Mozilla AMO, and there are no user reports that the add-on started to inject advertisement all of a sudden.

This is not be the first case of Chrome extensions being abused for malicious activities. The popular Copyfish extension was hijacked by attackers as well last month.

Google uses automated security scans to test extensions for malicious content. It appears that those don't work as well though, considering that third-parties with malicious intent may modify the extensions to inject ads on sites without any alarm bells going off.

This is different from Mozilla AMO, the official Firefox add-on repository. All add-ons are vetted by human editors before they are listed in the store.

Summary
Google pulls Chrome Web Developer extension over ad-injecting
Article Name
Google pulls Chrome Web Developer extension over ad-injecting
Description
Google just pulled another Chrome extension from the official Chrome web store after it found out that the extension started to inject advertisement into sites user visited in the web browser.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. gorhill said on August 3, 2017 at 5:55 pm
    Reply

    > Please note that the circumstances are still unclear right now.

    Found a tweet by the author shedding a bit of light on what happened:
    https://twitter.com/chrispederick/status/892777345089536000

  2. pd said on August 3, 2017 at 5:39 pm
    Reply

    Chris has published this extension for a very long time without resorting to any malpractice. I thought it had to be either a desperate move by him, or something abnormal going on.

  3. Xibula said on August 3, 2017 at 12:54 am
    Reply

    wow got removed and re approved so fast
    unlike FailFox

  4. Tom Hawack said on August 3, 2017 at 12:41 am
    Reply

    Maybe is it time that Google starts being less offhand with the extensions it provides. You wouldn’t see such fantasies on AMO and should a crappy add-on appear it would be kicked out before its first breath.

    Good Lord, how can anyone use such a browser, developed by an advertisement and tracking company? A denial of facts when human nature forgets it all when thrill, emotion, fashion are of the lot. Because that’s the company’s communication, cool, “try it if you want, don’t count on us to pledge for the product, it’s good, up to you to see”. Google’s empire is based on psychology. Of course the products aren’t bad but with another communication, old as Microsoft’s, Google Chrome wouldn’t be where it is. Like MacDo, everyone knows it’s garbage food and yet people buy it. Fashion. Same with Google. Looks nice like burgers do but in fact it’s basically trash.

    When I say ‘people’ I forget all those who strive for health, in food and in computing. Count me in.

    1. Xibula said on August 3, 2017 at 6:52 am
      Reply

      lets not forget that the advertisement and tracking company helped to develop the multiprocess firefox is using, the webextension firefox is using and the pdf viewer firefox is gonna use

  5. Dwight Stegall said on August 2, 2017 at 6:55 pm
    Reply

    I use Web Developer by Chris Pederick https://chrome.google.com/webstore/detail/web-developer/bfbameneiokkgbdmiekhjnmfkcnldhhm

    It handy for disabling Javascript when sites won’t let you read their content until you disable your ad blocker.

    1. Martin Brinkmann said on August 2, 2017 at 7:08 pm
      Reply

      Dwight, this was the version affected. The author stated in the comments that the account was compromised and that a hacked version was uploaded.

      The new version 0.5 is clean and replaced the hacked version. Google has reinstated the page.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.