Millions of Chrome users place their trust in the hands of extension developers. But what happens when add-ons are sold to a new owner?

In what sounds like the paranoid conspiracy theory of an anti-Google shill, some popular Chrome extensions are reportedly being bought up by pedlars of malware looking for a fast way to infect thousands of users at once.

This is precisely what happened to one of Chrome’s most popular* third-party Feedly extensions. […]

Chrome extensions are updated silently in the background, so the majority of users would have been unaware that the spammy links, pop-up ads, and intrusive affiliate code embeds, suddenly affecting each and every site they visited were the fault of their dependable Feedly add-on. […]

*We’ve chosen not to include a link to the add-on mentioned in this article.

read more »

via

Once in control, they can silently push new ad-filled „updates“ to those users.

One of the coolest things about Chrome is the silent, automatic updates that always ensure that users are always running the latest version. […] Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome’s update service, which sends the adware out to every user of that extension.

read more »

via