An unknown company is actively buying up old Google Chrome extensions and using it to inject adware in order to make money. The modus operandi is simple: buy old Google Chrome extensions that have been abandoned or not updated for a long time, use them for various adware projects, make money doing that.
While it’s true that malicious Google Chrome extensions can be reported by the user, it often takes weeks, if not longer, for Google to take action. Besides, since these are pre-approved Google Chrome extensions, newer versions are very likely to pass through and be available to users to install on their Chrome browsers.
The problem is, some of these Google Chrome extensions may still be used or installed on thousands of user devices. Even though the developer may have abandoned a particular extension’s ongoing development, most users fail to disable or uninstall their old extensions.
Here’s What To Do
First of all, clean up your Google Chrome extensions by going to chrome://extensions/ (you’ll have to type this into your browser). You should be able to see all your current extensions and the permissions they have.
Second, clean up your Chrome apps – chrome://apps/ and uninstall anything that you don’t actively use.
Third, if you receive a notification from a Google Chrome extension for new permissions to be granted, make sure you do so only if you absolutely need it.
Fourth, if you notice any suspicious activity, report the extension to Google immediately. For example, a Chrome extension suddenly requesting permissions that it doesn’t really need.
Once you clean up your Google Chrome browser of all unwanted extensions and apps, do not install any new ones that you’re not going to be using on a regular basis. If you must, install it, but disable it when you aren’t using the extension.