How to find Chrome extensions that inject ads into any webpage I browse?

google-chrome google-chrome-extensions browser-addons browser-plugin

21,204

Solution 1

Depending on your JavaScript knowledge, you can check out the scripts that can manipulate websites you visit.

Press F12 to open the Developer Tools. Alternatively, open the Developer Tools from the "hamburger menu":
On the Sources tab, select the Content scripts tab. You should see a list of all your extensions that load content script.

"Content script" is the term that is used for scripts that are running in the context of the website you're visiting. These scripts have the ability to manipulate web content in any way they want.
You can now inspect those scripts and see how they're messing with your page.

Hint: In case they're using minified sources, enable the code beautifier:

Solution 2

My way is easier, since you don't have to examine extensions like AdBlock which don't add elements to your page :)

Also, If you aren't a tech-savvy, go to the bottom: there's any solution that may work for you...

Open the Developer Tools
Open the Developer Tools in a new window and reduce the window to icon
Browse the web and wait for the Ads to appear. In this case I'm using an extension which replaces ads with cats pictures
Go to the Network tab, and look for the initiator column. Usually it's called something like content script.js. Click it and that's the content script that messed up your page.
If from taking a look at the code you can't guess which extension is, you can go to Sources tab, click on Content Scripts and look for the extension with a *.js file named like the one we found at point 4.

Easier method (may be less effective)

Go to the installed extensions page
For each extension, click on Details
If the Ads started popping up just recently, look for when it was updated. Chrome extensions update by themselves. This may help you if you started seeing ads today and casually the extension was updated today
Last but not least, look at the reviews, preferably ordered by Recent. If you see somenthing like this, you may have found the culprit.

Solution 3

Disable all chrome extensions, see if the problem stops. Enable each extension one by one. When the issue reappear, you have found the culprit.

Solution 4

I've had a few customers reporting adware in their browser (all are/were using Google Chrome). They had a few randomly-named extensions, so I removed those. Along with a virusscan the extentions did not come back, but the ads were still popping up.

What was the solution? The Chrome executable was somehow infected. Located in either:

Program Files (x86)\Google\Chrome\Application\chrome.exe

Users{Username}\AppData\Local\Google\Chrome\Application\chrome.exe

Removing Chrome and installing it again worked flawlessly. Another way is updating Chrome, but that may require you to enable updates for Google Chrome:

In the registry editor in Windows (regedit): open the key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update. Set the UpdateDefault key value to 1.

After updating Chrome all adware was gone. Yay!

View more solutions

21,204

giorgio79

Updated on September 18, 2022

Comments

giorgio79 almost 2 years

I use the Google Chrome browser. Recently I noticed random ads showing up - either on the page content, or by redirection - when I click on a link an ad page opens instead of the proper page.

I suspect these ads are injected by a chrome extension, but how can I find the offending one?

The ads seem to appear at random in an intermittent manner.
- childofsoong over 9 years
  
  Do you use an ad blocker, like AdBlock Plus? If so, it could just be that the ad definitions need to be updated so it recognizes all ads.
- Vinayak over 9 years
  
  If you're using Windows and it's an extension you did not install voluntarily, and it is listed under chrome://policy then you might find the unwelcome guest at %WINDIR%\System32\GroupPolicy\Machine or %WINDIR%\System32\GroupPolicy\User. Delete Registry.pol or any other .pol files if they exist at that location.
- giorgio79 over 9 years
  
  Thx, I use Flashblock. It seems Lastpass extension is inserting these ads (via panoramtech.com domain)
- Giacomo Tecya Pigani over 9 years
  
  On chrome you can't effectively block flash. Use noscript on firefox instead
- EKW over 9 years
  
  @giorgio79 The Lastpass extension was definitely NOT inserting those ads.
- Giacomo Tecya Pigani over 9 years
  
  @EKW is right, try an answer first before choosing the best answer ...
- Display Name over 9 years
  
  if you talk about plain text connections (not https), then it also can be your ISP.
- Oliver Salzburg over 9 years
  
  @GiacomoTecyaPigani: Chrome actually allows fine-grained control over which plugins should run: i.imgur.com/aQXthv4.png I use "click to run" for Flash.
- Tanath over 9 years
  
  @GiacomoTecyaPigani for that there's uMatrix.
- giorgio79 over 9 years
  
  PS: It turned out the offending extension was Show / Hide passwords, not LastPass! I could follow back the injection via the network sources, and looking at the initiator scripts all the way to the plugin js file (Didier-content.js), so the solution was Giacomo's and Oliver's solution combined.
Ajedi32 over 9 years

Why mess with the filesystem when you can just uninstall the extension directly from the browser? Also, this doesn't address the problem in the question at all, which was how to find out which extension is injecting the ads. Removing said extension once you've found it should be trivial, which is why the existing answers don't discuss that step.
That Guy over 9 years

Because most of the ad-injectors that I've seen re-install after being removed from Chrome using the trashcan on the extensions screen. Buyandsave for one example. This is the only way I've found to actually remove the offender from chrome. You are correct that I did not answer his question.
jiggunjer about 9 years

Developer mode does not show the full path in chrome 43.0.2357.124. Just shows ID. Also note some malware extensions don't have their own extension entry. They are simply part of an extension you trust. Digging into the running process is the best way to identify related files.
Quidam over 7 years

If you have really a lot of extensions, you can use the previous answer, given by Oliver, to help you selecting only the ones that change the pages display. Chrome hamburger menu -> More tools -> Developer tools -> "Content script" tab lists all the extensions that modify the display of the websites pages. howtogeek.com/213096/…
Suraj Jain over 6 years

I used this way to inspect my page in which using blank canvas chrome extension I am injecting code, But i do not see it in network tab. How so??
Suraj Jain over 6 years

Did you just responded, I saw notification but when I clicked it, there was not reply
Giacomo Tecya Pigani over 6 years

@SurajJain If the network tab is empty, than no connection was being made. Since ads must be downloaded, if you see ads than the network tab can't be empty. Either something you say it's wrong or it could be that what you are displaying is cached, but i'm not sure about the second
Suraj Jain over 6 years

Actually, I am myself injecting code, and I code see it in source code, it is working fine, I just wanted to see through network tab, but there it is not showing.