Google Inc (NASDAQ:GOOG) has removed two Chrome extensions from its Chrome web store after the search engine giant found that the extensions were infected with adware and malware. The extensions are “Tweet This Page” and “Add To Feedly.” Extensions are scripts of code that can add a new feature or remove an already existing one from a web browser.
Shady marketers exploit Google’s autoupdating policy
Google Inc (NASDAQ:GOOG)’s latest action was necessary in the wake of fraudulent online marketers using new techniques. Shady marketers buy trusted Chrome extensions that have a large installed base, and then exploit Google Inc (NASDAQ:GOOG)’s “autoupdating” policy to push out malware and adware. The autoupdating policy is aimed at providing users better security by installing fixes to Chrome extensions without seeking user permission.
Both extensions breached Google Inc (NASDAQ:GOOG)’s developer policies. The original developer of one of the extensions had sold his extension to an online marketer, unaware of his shady intentions. Amit Agarwal, the developer of “Add to Feedly” said he regrets selling his product. His extension allowed users to add a website to Feedly in just one-click. Agarwal’s extension had about 30,000 users, and sold it for a four-figure sum. He found out the buyer’s actual intention after about a month.
Google improves Chrome
The practice of buying trusted extensions with a wide installed base and exploiting them for nefarious purposes isn’t new. Another developer, Gemusan, said that he has also been approached by shady marketers several times, but he refused to sell his product. Gemusan developed the Honey Chrome extension, which provides one-click coupon code service. Honey has more than 700,000 users.
Moreover, Google Inc (NASDAQ:GOOG) said the improved features of Chrome will identify malicious files, and show pop-ups before the file begins downloading. The pop-up will warn users, giving them the option to block it or download it. Chrome already has a Safe Browsing program, which warns people when they visit a malicious website.