Google pulls Chrome Web Developer extension over ad-injecting

Google just pulled another Chrome extension from the official Chrome web store after it found out that the extension started to inject advertisement into sites user visited in the web browser.

A 404 not found error is displayed when you open the Chrome web store presence of the Web Developer extension right now.

The extension had a rating of 4.5 stars (out of five), and more than 3000 user ratings before it was pulled from the store.

Update: The page is online again. The developer stated that the account was compromised and that a bad version of the extension with the ad-injecting code was uploaded. He uploaded a new clean version, version 0.5, and the addon is now reinstated.

The description of the extension read:

Adds a toolbar button with various web developer tools. The official port of the Web Developer extension for Firefox.

Web Developer is a popular add-on for the Firefox that has nearly 300000 users and a five star rating on the Mozilla Add-ons website.

The last updates of the Chrome version of the extension date back to February. Considering this, it is possible that the extension was hijacked by a third-party and modified in the process to display advertisement on websites in Chrome.

While Google blocked the installation of the extension by deleting it from the Chrome Web Store, users who have installed the extension already are still exposed to the issue.

It is recommended to remove the Web Developer extension for Chrome immediately, or at least disable it, to avoid this issue.

Please note that the circumstances are still unclear right now. If you want to be on the safe side, it is suggested to remove the browser extension from Google Chrome.

Neither the Firefox nor the Opera extension appear to have been hijacked. The last Firefox update dates back to April 2017 on Mozilla AMO, and there are no user reports that the add-on started to inject advertisement all of a sudden.

This is not be the first case of Chrome extensions being abused for malicious activities. The popular Copyfish extension was hijacked by attackers as well last month.

Google uses automated security scans to test extensions for malicious content. It appears that those don't work as well though, considering that third-parties with malicious intent may modify the extensions to inject ads on sites without any alarm bells going off.

This is different from Mozilla AMO, the official Firefox add-on repository. All add-ons are vetted by human editors before they are listed in the store.