feedlyMillions of Chrome users place their trust in the hands of extension developers. But what happens when add-ons are sold to a new owner? 

In what sounds like the paranoid conspiracy theory of an anti-Google shill, some popular Chrome extensions are reportedly being bought up by pedlars of malware looking for a fast way to infect thousands of users at once.

This is precisely what happened to one of Chrome’s most popular* third-party Feedly extensions.

‘Four figure sum for an hours work’

The developer of the ‘Add to Feedly’ extension, Amit Agarwal, says that he was approached out of the blue by a (mysterious, un-Googleable) individual wanting to buy his add-on.

“It was a 4-figure offer for something that had taken an hour to create and I agreed to the deal,” explains Amit on his blog.

Such an offer would tempt most of us. But in pocketing the money, and transferring ownership to another party, Amit also sold the trust of the 30,000+ users who had chosen to install it.

Just a few short months after completing the deal the new add-on owners issued their first, and thus far only, update. One that added an unwelcome new ‘feature’: adware.

Google updates Chrome extensions silently in the background, meaning the majority of users would have been unaware that the spammy links, pop-up ads, and intrusive affiliate code embeds suddenly affecting each and every site they visited were the fault of their dependable Feedly add-on.

Those that were able to narrow it down soon took to the Chrome Web Store to vent their disappoint, which is how Amit first became aware of the issue.

In a galling twist, a switch to turn “off” advertisements was included with the update but, according to user reports, is nothing more than a dummy. Whether on or off, unwanted adverts continue to show up.

‘Shady Practice’

But is this an isolated incident? It seems not.

Tech reporter Ron Adameo found himself experiencing the brutish reality of an ad-injecting add-on update, transforming a once-handy Twitter tool into an ad-injecting machine” that hijacked his every Google search.

As Google Chrome grows in popularity it’s probable that these sorts of shady, underhanded practices will increase along side it.

*We’ve chosen not to include a link to the add-on at the centre of this article.
Extensions News feedly malware security