Google has recently removed the Webpage Screenshot, an add-on screen-capturing tool for Google Chrome, from its Google Chrome Web Store, for secretly scraping and transferring data (including personal data) of over 1.2 million users.
Based upon a report published by a Danish security firm, this extension featured malicious spyware code that clandestinely extracted end users' browsing navigation details (including the end user's IP addresses, URLs visited, files and data loaded from URLs, the end user's location, search queries entered and personal contact information) without their knowledge, and transferred it to an unknown third-party IP address in the U.S. A Google spokesperson stated that the company has addressed the extension as malware that violates the Chrome Web Store Developer Program Policies.
This incident demonstrate Google's increasing concern that add-ons, while sometimes improving productivity by adding components to a browser's default functionality, also serve as a potential tool for delivering malware (e.g. by carrying out click fraud, injecting ads or hijacking search queries). This incident further reflects Google strict approach concerning the distribution of "unwanted software", as we have previously reported.