Special code in the plug-in checks to see if the page originates with Yahoo and if so, inserts its own ad from playook.info.
A little more digging turned up a list of websites that are targeted by the plugin...
This is not the first time that some Chrome plugins requested extra permissions during the installation. Last month, we reported that several "Facebook Timeline Remover" plugins also requested permission to access data on all websites, where they should only touch Facebook.com websites. Users who give up such extensive permission run the risk of getting their browsers hijacked. The plugin authors can acquire all the Web data when users browse the Internet with Chrome and then misuse users information, such as stealing and selling user e-mail addresses and online credit card information.
As of 2 October 2012, there are about 82,593 Chrome users who installed these ads-injected plugins, and the total number is still climbing fast day by day, e.g., about 13K new installations from 1 October to 2 October.
A suggestion to Chrome users; whenever trying to install a plugin inside the Chrome Web store, consider the requested permissions with a critical eye toward the intent of the plugin. If the plugin requests any permission that does not seem reasonable, do not install it. If you have already installed, uninstall them immediately and change your passwords on other websites if possible.
For more information on how to protect your network please go to www.barracudanetworks.com/
Sign up for CIO Asia eNewsletters.