In another example, some extensions changed or added parameters within a URL in order to accomplish affiliate fraud.
Companies such as Amazon will pay a small fee to webmasters, known as affiliates, when someone clicks a link on their website that leads to a sale. That is tracked by adding an affiliate code inside a URL.
Some extensions will swap out the legitimate affiliate code for their own, effectively gaining fraudulent credit for the sale. Since Google saw the study, it has moved to crack down on affiliate fraud in its policy governing extensions, Grier said.
They also found examples of extensions swapping out advertisements on a website for their own in order to get the fees. Sometimes extensions swapped out banner ads, injected ads into ad-free sites such as Wikipedia or overlaid ads on top of website content.
The study was also co-authored by Neha Chachra, Christopher Kruegel, Giovanni Vigna and Vern Paxson.
Sign up for CIO Asia eNewsletters.