Sophos News

Chrome extension was secretly redirecting users to ad pages

Google has banned the popular Better History Chrome extension after users complained that it hijacked their browsing sessions.

Looks like it was a money-making scheme. The extension was redirecting users’ HTTP traffic through a proxy service before taking them to their desired destinations, showing them an extra page with ads in 50% of the kidnapped sessions.

Not only did that garner advertising revenue for the extension’s owners; it also allowed them to snoop on users’ web traffic, collecting analytics that could later be sold to online advertisers.

Commenters brought the extension’s misbehaviour to the attention of its original author on GitHub over the weekend.

Turns out, he sold Better History a few months ago, he said: since version 3.9.5.

The owner said on Reddit that he sold the extension to a company called advault.net that didn’t seem skeevy:

“I checked around and they seemed legit and had a decent site. (You need to disable ad block when hitting advault.net… but of course.. do not do that)”

Things started to go wrong when users were prompted to update from version 3.9.7 to 3.9.8. That’s when the extension asked for an extra permission to “Read and change all your data on the websites you visit.”
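A permission jump like the one described above can be caught mechanically by diffing the manifests of two consecutive versions before an update is accepted. The following is an added example, not code from the article or from the extension; the manifest contents, extension name, version numbers and file name are constructed for illustration.

```javascript
// Host patterns treated here as "all sites" access, which Chrome summarises
// with the "Read and change all your data on the websites you visit" prompt.
const ALL_SITES = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Gather API permissions, host permissions and content-script match patterns.
// Manifest V2 mixes hosts into "permissions"; V3 uses "host_permissions".
function declaredPermissions(manifest) {
  const perms = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
  ];
  for (const script of manifest.content_scripts || []) {
    perms.push(...(script.matches || []));
  }
  return new Set(perms);
}

const hasAllSites = (perms) => [...perms].some((p) => ALL_SITES.has(p));

// Report what the newer manifest requests that the older one did not.
function permissionDelta(oldManifest, newManifest) {
  const before = declaredPermissions(oldManifest);
  const after = declaredPermissions(newManifest);
  return {
    from: oldManifest.version,
    to: newManifest.version,
    added: [...after].filter((p) => !before.has(p)).sort(),
    gainsAllSites: !hasAllSites(before) && hasAllSites(after),
  };
}

// Constructed sample manifests (not the real extension's files).
const OLD_MANIFEST = {
  manifest_version: 2, name: "example-history-tool", version: "1.0.0",
  permissions: ["history", "storage"],
};
const NEW_MANIFEST = {
  manifest_version: 2, name: "example-history-tool", version: "1.0.1",
  permissions: ["history", "storage", "http://*/*", "https://*/*"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["injected.js"] }],
};

console.log(permissionDelta(OLD_MANIFEST, NEW_MANIFEST));
```

A history tool that suddenly sets `gainsAllSites` on a point release is the signal to review the update's code before approving it.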

Pre-sale, in its unadulterated form, Better History added extra filters to Chrome users’ History section to make it easier to view and find previously accessed pages, as shown in this screenshot posted by Softpedia.

Better History’s new owners introduced a script called “common.js” that installed a proxy extension on users’ browsers that redirected Chrome traffic.

They were flying under the radar: advault.net stopped adding changes to the extension’s GitHub repository so that it wasn’t evident that it had been slipping in malicious code.

Reddit user Scarazer wrote that he’d found the same malicious code infecting a number of other Google Chrome extensions, including Chrome Currency Converter, Web Timer, User-Agent Switcher, Better History, 4chan Plus, and Hide My Adblocker.

As of Tuesday afternoon, the only extension in that list that had been removed from Google’s Chrome web store was 4chan Plus. Google also banned Better History after users encouraged each other to write reviews reporting it.

Image of Chrome logo courtesy of Rose Carson / Shutterstock.com
