Google researchers have removed 200 ad-injecting extensions on its Chrome browser after discovering they were serving up malware to users.
The researchers removed the malicious extensions, which affected 14 million users, partially in response to more than 100,000 complaints Google has received from Chrome users about ad injectors in the past three months.
Ad injectors are not on their own malicious applications, but they do exhibit behavior unwanted by users. Typically, they push ads onto sites that individual users commonly visit and come bundled with other applications, making them difficult to remove.
Ad injectors also negatively affect advertisers and publishers. Advertisers do not know their ads are being injected and therefore are unaware of where exactly their ads are running, whereas publishers do not receive compensation for their ads and might be exposing their visitors to malware.
In a few weeks, Google will be releasing its research on ad injectors that it conducted in partnership with the University of California at Berkeley. Some important findings from this joint research project have already been leaked:
- Ad injectors were detected on all operating systems (Mac and Windows), and web browsers (Chrome, Firefox, IE).
- More than 5% of people visiting Google sites have at least one ad injector installed. Within that group, half have at least two injectors installed, and nearly one-third have at least four installed.
- Thirty-four percent of Chrome extensions injecting ads were classified as outright malware.
Currently, Google does not ban ad injectors, but it does place restrictions on their use, such as by requiring that their behavior be clearly disclosed to users and that they not violate policies that bar unwanted software.
As a result of its research, Google has vowed to refine its techniques used to spot ad injectors. It will also revise its AdWords policies to protect users from suspicious downloads.
“We [are] constantly working to improve our product policies to protect people online,” software engineer Nav Jagpal of Google wrote in a blog post. “We encourage others to do the same. We [are] committed to continuing to improve this experience for Google and the Web as a whole.”
News of Google’s research comes less than two months after the discovery of Superfish, ad-injecting software that until recently came pre-installed on all Lenovo computer products.