Google is shoring up its Chrome browser software to defend against unwanted malware injections that the firm claims affect about five percent of users.
The move follows research commissioned by Google to determine the prevalence of ad-injectors that can insert bad software onto machines.
“Ad-injectors are programs that insert new ads, or replace existing ones, into the pages you visit while browsing the web,” Google said on its Online Security Blog, before explaining why they are such a problem.
“Ad injectors are problematic for advertisers and publishers as well. Advertisers often don’t know their ads are being injected, which means they don’t have any idea where their ads are running.
“Publishers, meanwhile, aren’t being compensated for these ads, and more importantly, they unknowingly may be putting their visitors in harm’s way, via spam or malware in the injected ads.”
Google explained that the threat has drawn increasing attention this year, since news of Lenovo’s Superfish problem broke.
“We’ve received more than 100,000 complaints from Chrome users about ad injection since the beginning of 2015, more than network errors, performance problems or any other issues,” the firm said.
The research, carried out with the University of California, Berkeley, examined 100 million page views of Google sites across the Mac and Windows operating systems and the Firefox, IE and Chrome browsers.
“Ad-injectors were detected on all operating systems. More than five percent of people visiting Google sites have at least one ad-injector installed,” Google said.
“Thirty-four percent of Chrome extensions injecting ads were classified as outright malware, [and] researchers found 192 deceptive Chrome extensions that affected 14 million users.”
Google will tackle this problem with a change to its developer rules. Developers will still be able to use injectors, but they must be honest and transparent.
Chrome users who venture into ad-injector territory will see a clear, red warning alert box before accessing any pages that Google deems untrustworthy. Google is mooting a similar system to raise awareness of non-HTTPS websites.
“We’re constantly working to improve our product policies to protect people online. We encourage others to do the same. We’re committed to continuing to improve this experience for Google and the web as a whole,” added the firm.