Chrome has blocked the AdBlock and uBlock extensions due to data manipulation using cookie stuffing

AdBlock and uBlock cookie stuffing
Written by Brendan Smith

Google experts have excluded two dangerous ad blockers from the Chrome Web Store – AdBlock (about 800,000 users) and uBlock (850,000 users). These blockers tricked users with cookie stuffing.

Both extensions were fully functional, but they obviously disguised themselves as other popular blockers and engaged in fraud.

Google experts removed the problematic extensions after AdGuard experts discovered the fraudulent behavior of blockers.

Researchers noticed that approximately 55 hours after installing these extensions, they begin to exchange suspicious requests with their servers. Therefore, in response to expansion requests, the server sends a list of commands, after which the behavior of the “blocker” changes: in addition to blocking ads, it starts to do something else.

“It’s about cookie stuffing, a popular scam technique that is often used in affiliate marketing to capture traffic from legitimate sources,” – write AdGuard experts.

Researchers explain that when entering every new domain, a request is sent to For example, after visiting, the sent request will look like this:


Response on such request will contain the following URL:


The extension will immediately open this link in the background. This request will be followed by a chain of redirects and the last request in the chain will be this one:


Apparently, the address belongs to someone’s affiliate program with Teamviewer. In response, the browser will receive an “affiliate” cookie. As a result, if the user makes a purchase on, the extension developer will receive a commission from Teamviewer.

For this scheme, a lot of affiliate links are used, here are some victims of a fraud, whose names are well known:,,, Experts note that this is far from all, and the full list is much longer.

Read also: Thousands of Google Calendars Disclose Confidential Information

Researchers write that the scale of this fraudulent campaign is amazing. In total, the extensions had more than 1.6 million active users, with at least 300 replaced cookies from the list of Top 10000 sites according to Alexa. The exact damage from this campaign is difficult to assess, but AdGuard is confident that it is a few million US dollars per month.

How can you protect yourself?

  • If you’re going to install a browser extension, think again. Maybe you don’t really need it?
  • Don’t believe what you read in the extension’s description. Be aware that there’s almost no review process, and this can easily be a fake.
  • Reading the users’ reviews won’t help as well. These two extensions had excellent reviews and yet they were malicious.
  • Don’t use the WebStore internal search, install extensions from the trusted developers’ websites directly.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Brendan Smith

I'm Brendan Smith, a passionate journalist, researcher, and web content developer. With a keen interest in computer technology and security, I specialize in delivering high-quality content that educates and empowers readers in navigating the digital landscape.

With a focus on computer technology and security, I am committed to sharing my knowledge and insights to help individuals and organizations protect themselves in the digital age. My expertise in cybersecurity principles, data privacy, and best practices allows me to provide practical tips and advice that readers can implement to enhance their online security.

Leave a Reply