On September 16, 2019, Google removed two malicious ad blocking browser extensions from the Chrome Web Store. The extensions in question, AdBlock, and uBlock, originally appeared authentic due to the names being similar to two legitimate extensions, Adblock Plus and uBlock Origin. However, AdBlock and uBlock were found stuffing cookies, an illegal ad scheme.
In affiliate marketing, when influencers send visitors to other websites, the influencers are paid a certain percentage of sales revenue. Since cookies store user data, businesses use them to identify if the visitors had used the affiliate links to reach their site. In cookie stuffing, the extensions alter the cookies so that, in addition to the original influencer, attackers also earn affiliation fees for purchases made by users.
Even though Google had received multiple complaints regarding the nature of these extensions, they weren't removed from the Chrome Web Store until recently. According to a blog published by Andrey Meshkov, the co-founder and CTO of AdGuard, these ad blockers had excellent ratings and no negative reviews. AdBlock had more than 800,000 users, and uBlock had over 850,000, users.
Google is currently working on Manifest V3, a policy which will restrict certain capabilities of extensions. Until then, Meshkov has advised users to install extensions from the trusted developers' websites directly, rather than using the Chrome Web Store.
Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.
You will receive weekly cybersecurity news soon!
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.