Chrome browser's security is debated(Photo: Mark Lennihan AP)
SAN FRANCISCO (USATODAY.com) - Google pulled two extensions that were available for its popular Chrome web browser after complaints about the software showing unwanted ads.
The extensions, Add to Feedly and Tweet this Page, were updated to add new software that served ads in unusual places on web pages, upsetting users. This type of adware violated Google's policies and the company removed the extensions from its Chrome Web Store after being contacted about the issue by the Wall Street Journal.
Google said last month that it is changing its Chrome Web Store policies this June to limit extensions to a "single purpose that is narrow and easy-to-understand." The Internet giant admitted that not all extensions lived up to this ideal.
Extensions that purport to be one thing but do another, such as inject ads, will be automatically detected and removed and Google encourages users to flag any updates that add a secret or opaque secondary purpose for removal, a person familiar with the situation said on Monday.
These extensions are part of a larger business that focuses on installing software add-ons, such as toolbars, on people's computers when they download some other type of software from the Internet. Users often agree to this extra software because they do not read the long, complicated messages that accompany the opt-in process online.
Google yanked 59% more "bad" ads from its online systems last year as the world's largest Internet search provider stepped up a battle against a barrage of counterfeiters, suspect downloads and other malicious activity on the Web. However, as the company launches new ad products and formats, scammers and other bad actors adapt quickly.
Amit Agarwal, the original developer of the Add to Feedly extension, said in a recent blog that he sold the software to an unidentified third party for a four-figure sum of money without knowing what that entity planned to do with it.
"A month later, the new owners of the Feedly extension pushed an update to the Chrome store," Agarwal wrote. "No, the update didn't bring any new features to the table nor contained any bug fixes. Instead, they incorporated advertising into the extension."
The ads were not regular banner ads that users often see on web pages. Instead, they worked in the background, unseen by users, replacing the links on every website that they visited into "affiliate" links, he explained.
"In simple English, if the extension is activated in Chrome, it will inject adware into all web pages," Agarwal wrote.
"This is turning out to be a new business model for some extension developers since it is otherwise difficult to monetize a Chrome extension," Agarwal told USA TODAY in an email on Monday.
"The problem has been around for a long time and has been discussed at length at several online forums but Google never really acted," he added. "The Chrome store is open (anyone can submit) and there's no audit process in place."
Google's new policies will help, but they will be technically difficult for the company to implement, Agarwal said.