It was revealed in early April that Google had identified and disabled nearly 200 extensions for its Chrome browser that were injecting advertisements, without users' knowledge, into Web pages opened by more than 14 million users.
The nefarious extensions were found following a study conducted jointly by Google and the University of California, Berkeley, which showed that more than five percent of Web users who accessed Google websites had an ad injector installed. Of that group, one-third had at least four malicious extensions in use on their machines. But it wasn't only Chrome extensions that were detected during the study. Ad injectors were also found to be affecting browsers like Internet Explorer and Mozilla Firefox on both Windows and Mac OS X.
While Google doesn't specifically ban extensions that inject ads into Web pages from being published on its Web store, the study found that close to one-third of the extensions were actually injecting malware. Other extensions fell into the category of 'potentially unwanted programs' (PUPs), which often create serious security flaws on user devices. Google has recently taken action against PUPs and has started to display warnings in Chrome when users try to download software that may be harmful. However, this will likely only make a dent in overall PUP installations, because many of these programs are not directly downloaded from the Internet by users but are instead bundled inside other freeware applications.
Protecting enterprise networks from unwanted programs
As many enterprise IT departments have found, it can be incredibly difficult to prevent employees from utilizing unapproved applications and extensions to complete their work. Most people have specific tools they choose to use to finish their daily tasks, and attempting to force people to use programs they don't like or understand can cause a major drop in productivity. A more effective way for IT decision-makers to keep unwanted programs from making their way onto enterprise networks is to document users' preferred applications and extensions and make an inventory of those that can continue to be used by the company. Once the programs have been vetted for safety, they can be added to a list of approved programs. Any apps not appearing on the list can be blocked from being downloaded onto company devices. This practice, known as application whitelisting, allows organizations to accommodate the preferences of their employees while still keeping internal networks and data secure.
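The inventory-then-allowlist workflow described above, applied to Chrome extensions, as an added example that is not part of the original article. ExtensionInstallBlocklist and ExtensionInstallAllowlist are Chrome's enterprise policy names; the inventory, device names and extension IDs are constructed for illustration.

```python
import json
import re

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"[a-p]{32}")

# Constructed inventory of extensions users asked to keep, with the vetting result.
INVENTORY = [
    {"id": "aaaabbbbccccddddeeeeffffgggghhhh", "name": "Password manager", "vetted": True},
    {"id": "iiiijjjjkkkkllllmmmmnnnnoooopppp", "name": "Coupon toolbar", "vetted": False},
    {"id": "abcdabcdabcdabcdabcdabcdabcdabcd", "name": "Screenshot tool", "vetted": True},
]

# Constructed per-device report of what is actually installed.
INSTALLED = {
    "laptop-01": ["aaaabbbbccccddddeeeeffffgggghhhh", "iiiijjjjkkkkllllmmmmnnnnoooopppp"],
    "laptop-02": ["abcdabcdabcdabcdabcdabcdabcdabcd"],
}

def build_policy(inventory):
    """Return a Chrome managed-policy dict: block everything, allow vetted IDs."""
    allowed = []
    for entry in inventory:
        # Reject typos early: a malformed ID would silently never match.
        if not EXT_ID.fullmatch(entry["id"]):
            raise ValueError(f"malformed extension ID: {entry['id']!r}")
        if entry["vetted"]:
            allowed.append(entry["id"])
    return {
        "ExtensionInstallBlocklist": ["*"],  # default deny
        "ExtensionInstallAllowlist": sorted(set(allowed)),
    }

def audit(installed, policy):
    """Map each device to the installed extensions the policy would block."""
    allowed = set(policy["ExtensionInstallAllowlist"])
    findings = {}
    for device, ids in installed.items():
        blocked = [i for i in ids if i not in allowed]
        if blocked:
            findings[device] = blocked
    return findings

if __name__ == "__main__":
    policy = build_policy(INVENTORY)
    print(json.dumps(policy, indent=2))  # content for a managed policy JSON file
    print(audit(INSTALLED, policy))      # devices to follow up on before enforcing
```

Running the audit before the policy is enforced shows which users will lose an extension, so they can be offered a vetted alternative first.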