Earlier this week, Adobe released some updates to fix security issues and vulnerabilities identified in Adobe Acrobat Reader. Twitter’s @SwiftOnSecurity noticed a new Google Chrome extension for Adobe Acrobat after the update. According to the post, there is no mention of the new extension anywhere in Adobe’s changelog and instead is installed without your knowing. When you click on the extension in Google Chrome, you’ll be prompted to either “Enable Extension” or “Remove From Chrome”. We suggest you click on Remove From Chrome.
With latest Reader update, Adobe is automatically prompting users to install a Chrome extension which includes telemetry. Says no URLs. pic.twitter.com/PnDV4Zy0fv
— SwiftOnSecurity (@SwiftOnSecurity) January 10, 2017
The extension does a couple of things; it provides a quick way to convert a Web page into a PDF if you have a paid version of Acrobat, and it lets you choose to open PDFs in Adobe Reader rather than using Chrome’s built-in PDF support. The plugin lists permissions to do three things: “read and change all data on the websites you visit,” “manage your downloads,” and “communicate with cooperating native applications.” The extension also collects basic information and sends this to Adobe. This tracking appears to be on by default, though it can be disabled through the extension’s options page. Adobe states that this information is anonymous and does not include URL data.
While the extension itself has been around for a while, the fact that Adobe has decided to secretly include it with a security update without prompting the user is an issue. As a member of the IT Security community, this sort of action bothers me. End users should never feel wary about installing security fixes that might leave their system vulnerable, but actions like this may make people feel less confident when installing security updates. Thanks Adobe!
Disable Collection Of Telemetry Data
If you decide to keep the Chrome extension, we recommend you at least disable the option to collect and send the telemetry data to Adobe.
- Load chrome://extensions/ in the Google Chrome address bar.
- Locate the Adobe Acrobat extension on the page, and click on the options link.
- On the page that opens, uncheck “Allow Adobe Acrobat for Chrome to send anonymous usage information to Adobe for product improvement purposes”.
How To Fix Chrome Crashing
If the Adobe Acrobat Chrome Extension is causing your Google Chrome to crash at startup, or you can’t remove the extension, you can try running the Google Chrome Cleanup Tool. According to Google:
This application will scan and remove software that may cause problems with Chrome, such as crashes, unusual startup pages or toolbars, unexpected ads you can’t get rid of, or otherwise changing your browsing experience.