Here's the list of Chrome extensions that inject malware or ads into webpages, thanks to /u/smooshie:
> Add to Feedly
> CrxMouse (supposedly anonymized tracking)
> [Hola Unblocker](http://www.reddit.com/r/chrome/comments/1rhnm2/psa_chrome_extension_hola_unblocker_is_injecting/)
> [HoverZoom?](http://www.reddit.com/r/technology/comments/1t4ubn/hoverzoom_for_chrome_is_infected_with_malware/) [(FWIW the author denies it)](http://hoverzoom.net/aboutdatacollection/)
> [Neat Bookmarks](http://www.reddit.com/r/chrome/comments/1p5ekq/psa_chrome_extension_neat_bookmarks_is_injecting/)
> [Smooth Scroll](https://chrome.google.com/webstore/detail/smoothscroll/cccpiddacjljmfbbgeimpelpndgpoknn/reviews?hl=en)
> [Translate Selection](https://chrome.google.com/webstore/detail/translate-selection/goanabmlmgfinmjohhepcpffcnkeobjm/reviews)
> Tweet This Page
> Webpage Screenshot Capture
> [Window Resizer](http://www.reddit.com/r/YouShouldKnow/comments/1snyyl/ysk_the_chrome_extension_called_window_resizer/)
> [Youtube Ratings Preview](http://zaneford.me/blog/youtube-ratings-preview-google-chrome-plugin-silently-updated-to-include-data-tracking/)
And [here](http://www.reddit.com/r/technology/comments/1vir7a/chrome_extensions_are_being_bought_out_by_malware/cesp80l) is the original comment in /r/technology.
I thought I should x-post so everybody is aware. If anybody else knows extensions that inject malicious code or send data without the user's permission, post it here and I'll add it.
It's time for Google to do something about this.
11 thoughts on “In case anybody hasn’t seen it yet, /u/smooshie posted a list of malicious Chrome extensions and thought we could contribute to that”
I had one if these (hola unblocker) on for a day before reading something bad about it and uninstalling. Do I need to do anything else?
Fuck. I just changed to CrxMouse because my last gesture extension started doing that.
I uninstalled ScollToTopButton awhile ago because of this. Anyone know of an alternative?
Hola? Damnit… Are there any good alternatives?
We need and extension to detect extension which have gone rogue.
Injecting links in to pages must be a detectable activity, no?
A little off-topic but be very, very careful about scripts from Userscripts.org. A ton of them are malicious. Most will follow accounts on Facebook and spam everyone on your friends list to do the same.
Why the suspicion that HoverZoom is malicious?
Regarding Awesome New Tab Page, while I absolutely do not want an extension injecting anything anywhere outside it’s own content, ANTP declares it advertising on it’s description page and provides an easy to find setting to turn it off, so would not call that “malicious”.
So, I guess Hola gave me something called deal4mmE, and I can’t seem to get rid of it. It appears on my programs and features list, but when I click uninstall nothing happens.
Sorry for my ignorance, but can anybody help me out, here?
Here you have a “Add to Feedly” crapware-free alternative. Just my 2 cents.
I’m the founder of Hola. Hola is free and ad-free, with a premium version that helps fund the further development of Hola. In the past we tried advertising and a shopping assistant, but found that they provided an annoying user experience, so dropped them quickly. Hope you enjoy the service. Ofer