A while ago I suspected at least one of my Chrome extensions to do funny things.
In the end it appeared that “Live HTTP Headers 1.0.8” went rogue a while ago and has by now been removed from the store as this link is gone: https://chrome.google.com/webstore/detail/iaiioopjkcekapmldfgbebdclcnpgnlo ()
It was part of a much larger set of extensions that went away and isn’t limited to Chrome: other browsers with extension mechanisms suffer from this too. More links about this at the bottom of this post.
Which means that by now you should be really careful which extensions you have installed and enabled.
So, browse through these and ensure you’ve disabled everything you don’t need permanently:
On my system, I removed these:
- “Live HTTP Headers 1.0.8” used to be at https://chrome.google.com/webstore/detail/iaiioopjkcekapmldfgbebdclcnpgnlo
- This extension contains malware.
- “JSONView 0.0.32.2” used to be at https://chrome.google.com/webstore/detail/chklaanhfefbnpoihckbnefhakgolnmc
- This extension contains a serious security vulnerability.
- “Read Later Fast 1.6.18” used to be at https://chrome.google.com/webstore/detail/decdfngdidijkdjgbknlnepdljfaepji
- This extension violates the Chrome Web Store policy.
When you go from Chrome to these URLs through the extensions page, it usually appends an UTM tracker like utm_source to the URL.
So I dug into that as well and found these links explaining them:
- [WayBack] What Is “UTM_Source” And Should You Be Worried? – Make Tech Easier
- [WayBack] Understanding utm_source, utm_medium and utm_campaign | ByteFive Internet Marketing and Publishing
- [WayBack] How I use utm_source, utm_medium, utm_campaign from Google Analytics | Davin’s blog