Ads, malware, and the update vulnerability

malwareYesterday I wrote about a Chrome extension, “Webpage Screenshot Capture,” that was generating JollyWallet pop-up ads whenever I visited an e-commerce website.

This morning, coincidentally, I came across an Ars Technica article entitled “Adware vendors buy Chrome Extensions to send ad- and malware-filled updates.” Someone more tech savvy than I will have to decide whether JollyWallet is an example of what Ars is talking about, but it certainly sounds like it to me.

The article points out that Chrome’s auto update of extensions, while convenient, is a vulnerability that advertisers are learning to exploit. They buy existing extensions from the original authors and then use the updates of those extensions to push out ads and malware. Users have no idea the undesirable content is coming from an extension they installed possibly months before.

I just spoke with my son (a developer) about this, and all kinds of light bulbs came on. He says the Ars author was too limited in his thinking and points out that the problem would not apply just to Chrome extensions and its auto updates. It is a vulnerability any time you update any app or program on your computer or mobile device. Most of us, when an update is offered for one of our apps, don’t read the fine print; we just click to allow or install the update.

Theoretically, and limited only by what they are willing to spend, advertisers and malware distributors could buy any app or program, unbeknownst to its users, and start pushing out their content via updates.

7 comments

    1. It is. But my son was quick to point out that all browsers support extensions and add-ons. True, Chrome has the auto update, which the Ars article says cannot be disabled, and that makes it a little less likely that you’ll notice when something is updated. But any update to any app has the potential to be used like this if the wrong people control it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s