Bad news: Those extensions could be used to push spam into your browser.
Malware and adware vendors have realised that they can take advantage of Chrome’s automatic updates to hit unsuspecting extension-users, according to Ars Technica.
Ars tells the story of Amit Agarwal, the developer of an extension called “Add to Feedly,” who was approached by someone offering to pay “four figures” for his app. Agarwal sold and transferred the ownership of his extension to another Google account. A month later, the new owner released an update to the extension: An update that injected adware on all webpages for Add to Feedly’s 30,000 users. Those users had no idea that the extension had changed hands, and most probably didn’t realise that it was their new source of spam, since the app had automatically updated without notifying them.
Unfortunately, this practice of using extensions to attack users with ads seems to becoming more common.
What should you do?
Ars recommends downloading an extension that will let you know when your other extensions update, so that you can try to spot correlations between new updates and increased spam. Plus, if you start noticing more intrusive ads than usual when you’re browsing the web, it’s worth checking the latest reviews of any extensions you’re using to see whether other uses have complained.
Finally, be wary of simple extensions from small extension makers, as they’re the easiest prey for malicious malware vendors.