Hijacking Chrome

Users of Google’s Chrome web browser could be in for a lot of grief due to one of the features that makes it so popular: its extensions.

Extensions add functionality to the browser and, like Chrome itself, are automatically updated to ensure users always have the latest version. But what happens when good extensions go bad?

Ars Technica reports that adware vendors are buying out and corrupting established, legitimate extensions …

Amit Agarwal, developer of the “Add to Feedly” extension … got an e-mail offering “4 figures” for the sale of his Chrome extension. The extension was only about an hour’s worth of work, so Agarwal agreed to the deal, the money was sent over PayPal, and he transferred ownership of the extension to another Google account. A month later, the new extension owners released their first … update, which injected adware on all webpages and started redirecting links. Chrome’s extension auto-update mechanism silently pushed out the update to all 30,000 Add to Feedly users, and the ad revenue likely started rolling in. While Agarwal had no idea what the buyer’s intention was when the deal was made, he later learned that he ended up selling his users to the wolves. The buyer was not after the Chrome extension, they were just looking for an easy attack vector in the extension’s user base.

(emphasis added)

Remember, because Chrome is “One browser for your computer, phone and tablet”, once one device is infected, it propagates to all the others!

The “Add to Feedly” affair is not an isolated incident. It’s been reported that another simple Chrome extension called “Tweet This Page” (subsequently removed from Chrome’s Web Store) suddenly became an ad-injecting, search-hijacking monster.

What’s even more worrying is that normal removal techniques don’t work. Virus scanners don’t spot ’em, and even wiping your computer and reinstalling the OS from scratch won’t help as the extensions are synced from your Google account. When you sign in, they’re just downloaded all over again.

The only way to be rid of the malware is to find the extension in chrome://extensions and remove it—and to make sure the removal gets propagated to your account and down to all your other devices. Even when you have it narrowed down to Chrome, since nothing detects a malicious Chrome extension, the best course of action is to meticulously check the latest reviews of every extension and hope that someone else has figured out where the ads are coming from.
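
An added example, not from the original article: a Python audit that reads each installed extension's manifest.json and lists the ones allowed to run on every page, which is the access an ad-injecting update needs. It assumes the on-disk layout `Extensions/<id>/<version>/manifest.json` inside the Chrome profile; the function names and the two sample manifests are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let an extension read or modify every page the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_access(manifest):
    """Return the all-sites patterns a manifest requests, whatever key they sit under."""
    candidates = list(manifest.get("permissions", []))   # Manifest V2 lists hosts here
    candidates += manifest.get("host_permissions", [])   # Manifest V3
    for script in manifest.get("content_scripts", []):
        candidates += script.get("matches", [])
    return sorted({p for p in candidates if isinstance(p, str) and p in BROAD})

def audit_profile(extensions_dir):
    """Read <extensions_dir>/<id>/<version>/manifest.json and report all-sites extensions."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip it rather than abort the audit
        hits = broad_access(manifest)
        if hits:
            findings.append({"id": path.parent.parent.name, "version": path.parent.name,
                             "name": manifest.get("name", "?"), "patterns": hits})
    return findings

def build_sample(root):
    """Write two constructed manifests (not real extensions) in the assumed layout."""
    samples = {
        "a" * 32: {"name": "Constructed page injector", "manifest_version": 2,
                   "permissions": ["tabs", "http://*/*", "https://*/*"],
                   "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]},
        "b" * 32: {"name": "Constructed single-site helper", "manifest_version": 3,
                   "permissions": ["storage"],
                   "host_permissions": ["https://example.com/*"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # swap tmp for a real Extensions directory
        build_sample(tmp)
        for f in audit_profile(tmp):
            print(f"{f['name']} ({f['id']} {f['version']}): {', '.join(f['patterns'])}")
```

An all-sites pattern is not proof of adware, since many legitimate extensions request it; the list only tells you which extensions to check reviews for first.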

Extensions can even be “side-loaded” — bundled in with another piece of software — so that users aren’t even aware they’ve been added.

Google have announced a new policy aimed at reducing or preventing extension hijacking, but it doesn’t come into force until June.


DocFetcher: Find it fast

If you work with documents or archives, you need DocFetcher, an open source desktop search application for Windows, Mac and Linux. Think of it as Google for your documents.

Select the folders you want to search and DocFetcher will create an index of them so you can do keyword-based searches on their contents. That’s not as trivial as it sounds. (If you’ve ever tried looking inside a PDF or DOC file in Notepad, you’ll know what I mean!) Text isn’t stored in plain text format, which can make searches difficult. But that’s okay because DocFetcher understands the following …

Document formats:

  • Microsoft Office (doc, xls, ppt)
  • Microsoft Office 2007 and newer (docx, xlsx, pptx, docm, xlsm, pptm)
  • Microsoft Outlook (pst)
  • OpenOffice.org (odt, ods, odg, odp, ott, ots, otg, otp)
  • Portable Document Format (pdf)
  • HTML (html, xhtml, …)
  • TXT and other plain text formats (customizable)
  • Rich Text Format (rtf)
  • AbiWord (abw, abw.gz, zabw)
  • Microsoft Compiled HTML Help (chm)
  • MP3 Metadata (mp3)
  • FLAC Metadata (flac)
  • JPEG Exif Metadata (jpg, jpeg)
  • Microsoft Visio (vsd)
  • Scalable Vector Graphics (svg)


Archive formats:

  • zip
  • 7z
  • rar
  • tar.*

One particularly neat feature is that DocFetcher can handle an unlimited nesting of archives (eg. a zip archive containing a 7z archive containing a rar archive… and so on).


Query syntax:

DocFetcher’s query syntax supports basic constructs such as OR, AND and NOT, but it will also handle:

  • Wildcards
  • Phrase search
  • Fuzzy search (“find words that are similar to…”)
  • Proximity search (“these two words should be at most 10 words away from each other”)
  • Boosting (“increase the score of documents containing…”)


DocFetcher’s free and Open Source. That means the source code is there for anyone to take and use as they please. Why is that important? Anyone remember Google Desktop, one of DocFetcher’s major commercial competitors? It was discontinued in 2011.