large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

This naughty Chrome extension is hijacking users’ searches

Google has axed a Chrome extension from its official Chrome Web Store after it was discovered that the extension was hijacking search engine queries, taking users from their search engine of choice and tossing them into the search wilderness, with pages full of toxic ads.

If you are one of the nearly 7,000 users of Chrome extension YouTube Queue, then you might have been affected.

Ostensibly, the extension allows users to queue up multiple YouTube videos, before replaying them in order upon later viewing. However, it also kept a beady eye on users search enquiries, and when they visited a search engine and typed in a request, they were snatched away and deposited on a search engine called “Information Vine” which is full of malicious advertising and full of both affiliate links and other somewhat sketchy ways to make money.

Related: Best VPN 2019

Cyber security fans might recognise Information Vine as a particularly grim bit of “malvertising” (that’s malicious advertising) spyware from Ask Media, which bounced all search traffic to its page.

Functionally, anecdotal reports from YouTube Queue users starting two weeks ago seem to indicate the same trick was happening then, when the first reports bubbled up on Reddit.

Eric Lawrence, a former Google Chrome developer who is now working on Microsoft Edge, posted a video showing the extension in action yesterday, before tweeting some details about the exploit and how it is being used.

As Lawrence points out, the malicious code causing the redirect is currently not shown on the extension’s GitHub repository, which makes sense, because that would be almost like admitting they were doing bad things in a public space.

The Register spoke to the original developer of the extension who claimed that he sold the extension several weeks ago, making it look like someone has hijacked the app, just like they hijacked users’ search engine requests. The fact that such an app has managed to stay in Google’s official Web Store while loaded with bad code is a whole other discussion that many web developers are now keen to get into.

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.