Adobe angers Chrome users by bundling browser plugin with security update

&gt; The plugin seeks permission to do three things; &quot;read and change all data on the websites you visit,&quot; &quot;manage your downloads,&quot; and &quot;communicate with cooperating native applications.&quot; [...]<p>&gt; it&#x27;s likely that the extension itself is harmless enough<p>That seems unlikely given Adobe&#x27;s history of truly awful security flaws. It wasn&#x27;t that long ago when they thought that it would be a good idea for their add-on to pre-render PDFs in RAM silently in the background, including executing any embedded code without any sandboxing. Combined with browsers&#x27; prefetching of urls in a page (so that it would load quicker in case you clicked it), this caused a number of rootkit and other malware infections - from links that people didn&#x27;t even click in search results and URLs served up in advertising or in comments&#x2F;forum posts.<p>The only permission needed by a PDF viewer should be &#x27;display PDF document content&#x27;. It shouldn&#x27;t need to read or change other data, manage downloads, or communicate with anything to display an e-book or document. If it does, it&#x27;s probably not harmless.

&quot;The extension also collects basic information and sends this to Adobe. This tracking appears to be on by default, though it can be disabled through the extension&#x27;s options page.&quot;<p>Another company collecting telemetry that you have to opt-out of. This needs to be illegal because often, by the time most people learn of the option, their information has already been snarfed.

At this point, browsers should block all plugins not explicitly installed through the browser. I can&#x27;t think of any circumstances in which I would be happy to find that some software I installed has automatically installed a browser plugin.

Meanwhile, in the same ethical bucket, Oracle as recently as a week ago is adding a Yahoo! toolbar to your browser when you update Java, unless you uncheck their pre-checked opt-in checkbox. Sigh.

My mom was a bit upset when I told her she couldn&#x27;t install Adobe or Oracle software on her new computer (iMac) a few years ago, but today the thing still runs like it just came out of the box.<p>Do the right thing, and tell your family and friends to stay away from this malware.

I have a vague recollection of an incident, years ago, whereby Adobe installed Macafee whenever you installed a flash update. There was a little checkbox to control this, but it was checked by default. Pissed me off, i had get macafee off my computer pronto as it didn&#x27;t get along with the anti virus i had already installed.

I really wonder how it feels to create user-hostile software like that that is borderline malicious and barely adds any value.

My current beef with Adobe is that they took a perfectly good mobile version of Photoshop for Android, broke it into 5 separate applications, that when combined, don&#x27;t even reach the full functionality of the application they are replacing.<p>Oh and they&#x27;re each the size of the original app.<p>Who signs off on this?

Isn&#x27;t this against the chrome ToS?<p>Can Google retaliate by removing their extension from the store?

Someone really really needs to fix browser plugin permission system so that control can be very very fine-grained, and it&#x27;s easy to review what information has been passed back and forth.

Given that Chrome itself was often bundled with Adobe Flash and Reader security updates I’m not sure they’ve got much of a case.<p><a href="https:&#x2F;&#x2F;forums.adobe.com&#x2F;thread&#x2F;1053973" rel="nofollow">https:&#x2F;&#x2F;forums.adobe.com&#x2F;thread&#x2F;1053973</a>

Jeeze adobe, try digging up.

Well, do the users know that Chrome itself sends a bunch of data to Google? On principle, I consider both Adobe and Google&#x27;s practices to be abhorrent, but practically speaking Google definitely has the better record on product reliability and security.