Yesterday, η Google has decided to remove two extensions from Chrome Web Store. These were two fully functional ad blockers. However, the company was informed by a researcher that these ad blockers were cheating on them users using the names of other more popular and trusted extensions.
The two extensions that were removed are "AdBlock”By“ AdBlock, Inc. ”and“uBlock”By“ Charlie Lee ”. In addition to exploiting the names of other extensions, both ad blockers were removed for using cookie stuffing.
The cookie stuffing allows one website or an extension of browser to add more information to a user's cookie. In fact, the user visits a site and receives a third-party cookie from one website not related to what he has visited.
The administrators of the two extensions modified the archives cookies when users visited a site. These modifications allowed administrators to collect commission from payments that users could make on the sites they visited.
The two extensions could be activated on many popular sites, such as Microsoft.com, teamviewer.com, linkedin.com, aliexpress.com, booking.com and more.
The researcher who discovered the malicious activity of ad blockers is Andrey Meshkov, co-founder and CTO of AdGuard. The researcher noted that his procedure cookie stuffing started 55 hours after installation and stopped if users opened Chrome's Developer Tools.
Both extensions were based on the original AdBlock extension code.
Meshkov published his findings a few days ago. Google has updated the issue security and removed immediately the extensions to protect its users. In addition, extensions have been disabled in all user browsers. This was done in an attempt to prevent future attacks on Chrome users. The risk was very high, as both ad blockers were quite popular. The 'AdBlock' extension had more than 800.000 installations and 'uBlock' had over 850.000.