Slashdot Mirror

← Back to Stories (view on slashdot.org)

Latest Adobe Acrobat Reader Update Silently Installs Chrome Extension (bleepingcomputer.com)

Posted by BeauHD on from the did-you-hear-something dept.

An anonymous reader writes: The latest Adobe Acrobat Reader security update (15.023.20053), besides delivering security updates, also secretly installs the Adobe Acrobat extension in the user's Chrome browser. There is no mention of this "special package" on Acrobat's changelog, and surprise-surprise, the extension comes with anonymous data collection turned on by default. Bleeping Computer reports: "This extension allows users to save any web page they're on as a PDF file and share it or download it to disk. The extension is also Windows-only, meaning Mac and Linux Chrome users will not receive it. The extension requests the following permissions: Read and change all your data on the websites you visit; Manage your downloads; Communicate with cooperating native applications. According to Adobe, extension users 'share information with Adobe about how [they] use the application. The information is anonymous and will help us improve product quality and features,' Adobe also says. 'Since no personally identifiable information is collected, the anonymous data will not be meaningful to anyone outside of Adobe.'"

32 of 145 comments (clear)

  1. sure I believe you by supernova87a · · Score: 4, Funny

    Certainly trustworthy! "Since no one but people at Adobe designed this, certainly no one in the wide world of hackers, exploit finders, and data sifters would ever be able to decipher and extract anything interesting from this data. I mean, we're just sending this meaningless data back to Adobe for shits and giggles, it's useless information! By the way, I heard that anonymous means that we just don't record your IP address right?"

    1. Re:sure I believe you by NotInHere · · Score: 2

      But sadly, this is how the industry looks like. "Security" is achieved if you make sure the data only gets to the manufacturer and nobody else, not if no information leaves the machine of the user at all.

  2. It does what? by Anonymous Coward · · Score: 2, Insightful

    >This extension allows users to save any web page they're on as a PDF file and share it or download it to disk

    I'm pretty sure chrome does that all by itself

  3. Chrome is smarter than that. by Anonymous Coward · · Score: 5, Informative

    When you open chrome It will note the new extension and ask if you want to enable it or remove it.

    1. Re:Chrome is smarter than that. by Anonymous Coward · · Score: 5, Insightful

      Chrome may be smart, but the users may not be. A whole lot of people will just click "Yes" or "Enable" or whatever the dialog says.

    2. Re:Chrome is smarter than that. by narcc · · Score: 3, Insightful

      Indeed. Given that Chrome itself is often installed surreptitiously along with popular applications like CCleaner and Avast, it's no wonder that Adobe thought that Chrome users wouldn't mind, or notice, yet another clandestine install.

      Now that I'm thinking about it, Chrome has come bundled with Adobe products as well! That's right, Adobe secretly installs the browser, and tries to set it as default. They've already gone that far, so what's the big deal about sliding along an extension?

      --
      Required reading for internet skeptics
    3. Re:Chrome is smarter than that. by Altrag · · Score: 2

      Yep. Chrome informed me that it was time to complete disable the Adobe auto-updater.

      FYI: Create a dword called bUpdate in \HKLM\SOFTWARE\Policies\Adobe\Adobe Acrobat Reader\DC\FeatureLockDown.. set it to 0 to completely disable updates or 1 to only disable the auto-updates and leave the manual checking available in the menu.

      Of course who knows how long before they decide to change or just flat out ignore that entry. But it works for now.

  4. Funny by no-body · · Score: 4, Informative

    Yesterday or two days ago, Chrome prompted me if want to install something from Adobe, most likely extensions and I clicked no since I did not like those popups. Now looking at chrome://extensions/ - nothing like that there to see.
    What gives?

    1. Re:Funny by simcop2387 · · Score: 5, Interesting

      That'd be chrome protecting you from this shit. they've gotten pretty good at detecting and preventing these kinds of drive by installs.

    2. Re:Funny by fisternipply · · Score: 5, Informative

      That was it. My chrome did the same thing not more than two hours ago...which means Acrobat updated itself silently. Which pisses me off. Now, what pisses me off even worse is that it's hard to turn off auto-update in Acrobat Reader DC and requires either editing the registry or downloading and installing another adobe preference manager program (link to help article: https://forums.adobe.com/threa...). And even worse, the data collection was checked by default. A-holes.

    3. Re:Funny by Obfuscant · · Score: 3, Insightful

      they've gotten pretty good at detecting and preventing these kinds of drive by installs.

      After gaining a large amount of market share by BEING a drive-by install (as part of java, IIRC), they ought to be good at detecting them.

  5. The good news ... by Langalf · · Score: 5, Informative

    The good news is when I fired up Chrome, it asked me if I wanted to remove this unwanted extension.

    1. Re: The good news ... by Anonymous Coward · · Score: 2, Informative

      It's installed, silently, by an auto updater. You have to grant it permission before it can run, but it's definitely installed.

  6. Best News = No News by BoRegardless · · Score: 4, Insightful

    I don't use Adobe anymore, PERIOD.

    1. Re:Best News = No News by fisternipply · · Score: 5, Insightful

      Not an option for everyone.

    2. Re: Best News = No News by Anonymous Coward · · Score: 3, Funny

      do you also encrypt your grocery lists?

  7. Preferential treatment by Rosco+P.+Coltrane · · Score: 3, Insightful

    The extension is also Windows-only, meaning Mac and Linux Chrome users will not receive it.

    Why are Mac and Linux users treated better than Windows users? That's not fair!

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  8. Already seen it by Marquis231 · · Score: 2

    I thought it was odd this morning when I logged onto my Windows 7 work PC that the first thing I saw upon opening Chrome was a dialogue box asking permission to install a new extension from Adobe that I hadn't asked for. I declined, of course. Now I see my suspicions that it was official spyware have been vindicated, surprise surprise.

  9. USE THIS by JBMcB · · Score: 4, Interesting

    https://www.sumatrapdfreader.o...

    Small. Fast. Loads DjVu and some E-Reader formats as well. No spyware.

    --
    My Other Computer Is A Data General Nova III.
  10. Re:If you have Chrome why having Acrobat Reader? by Anonymous Coward · · Score: 2, Interesting

    Sadly, Chrome doesn't perfectly support all PDFs yet. The usual gap is in forms. Another problem is that many forms created by software will specifically sabotage non-Adobe products. As an example: https://tax.iowa.gov/sites/files/idr/forms1/2015%201040%20fillable.pdf

  11. Re:Foxit instead by Billly+Gates · · Score: 4, Informative

    Foxit comes with malware which installs toolbars. It's worse than Adobe

    --
    http://saveie6.com/
  12. what an evil scheme. by sheramil · · Score: 2

    "Members of the secret metadata trust.. we have Sheramil's Acrobat usage information right here! Let's see.. documentation for mom's smart tv... a pirate copy of Frank Herbert's 'Dune Encyclopedia'... uh... D.Gingery's book on metal lathes.. very well! How do we monetize this information?" *crickets*

    1. Re:what an evil scheme. by Dusthead+Jr. · · Score: 3, Insightful

      I never really understood this line of thinking, that if one is living an uninteresting, unimportant life they shouldn't care if they're being spayed upon? Privacy is only for people of interest. Everyone else is fair game? I thought it was the famous people who were exempt from having private lives. Personally I think that even if all you do is go home to an empty house and stare at the walls all day you should still do it without, frankly high-tech peeping toms. Buy you should be free to choose whatever you want.

  13. Re:If you have Chrome why having Acrobat Reader? by Anonymous Coward · · Score: 2, Informative

    Some people require digital signatures on PDFs which requires adobe.
    Funny they don't really care WHAT you sign it with but do require it be signed...

  14. Re:Foxit instead by MeanE · · Score: 5, Informative

    Sumatra is fast, light and crap free.

    https://www.sumatrapdfreader.o...

  15. Re:Foxit instead by Luthair · · Score: 4, Insightful

    Chrome also offers pretty good native PDF support, so why even bother having more software installed.

  16. But are users smart to rely on proprietary luck? by jbn-o · · Score: 2

    Chrome does that now, but Google could make Chrome behave differently and not ask, simply accept the new plugin (with its spying turned on by default) without prompting the user.

    Ultimately this allegation of "smarts" is not under the user's control, it's unsafe and a minor stroke of luck that things happened to work out the way they did for now. It doesn't strike me as smart to dismiss this as a settled matter, just as it was not smart for Microsoft Windows 10 users to believe that the OS privacy settings were being obeyed when they weren't.

    --
    Digital Citizen
  17. Closing the barn door after the horses are out by theshowmecanuck · · Score: 2, Insightful

    Can we have some perspective here? We're talking about Chrome people. Google. The masters of collecting data. If you use Chrome your data is no longer your own already. So what are you complaining about?

    --
    -- I ignore anonymous replies to my comments and postings.
    1. Re:Closing the barn door after the horses are out by thegarbz · · Score: 2

      Having faith or trust in one company does not mean I have trust in another. So far Google have not negatively impacted me with personal data collection.

      On the other hand all my passwords are leaked in an unsalted hash format in a breach of Adobe along with all my account information. Their products are also an incredibly open attack vector and a security threat. I have zero faith or trust in Adobe.

  18. Re:Foxit instead by ckatko · · Score: 4, Informative

    At least throw a damn citation out.

    Only thing I can see is version 6.1.4 (2014) of FoxIt had malware. But it was removed afterward because of user outcry.

    HOWEVER, equally or more dangerous I've noticed:

    >In July 2014, the Internet Storm Center reported that the mobile version for iPhone was transmitting unencrypted telemetry and other data to remote servers located in China despite users attempting to opt out of such data collection.[13]

    https://en.wikipedia.org/wiki/...

  19. Re:If you have Chrome why having Acrobat Reader? by LinuxIsGarbage · · Score: 2

    I find the built in PDF viewer in Chrome to not be that great, and the one in Firefox to be downright terrible.

    I use PDF X-change, but there's plenty of other options: Sumatra PDF, MuPDF , etc.

    The only reason I've used Adobe Reader recently was a stupid form that had scripting in it, that wouldn't work in any alternate viewer.

  20. The Acrobat Reader abomination by Applehu+Akbar · · Score: 2

    "The extension is also Windows-only, meaning Mac and Linux Chrome users will not receive it. "

    Which is good, because if you use Mac you don't need Acrobat in the first place. In fact, the built-in PDF reader includes a number of of the editing features that Adobe users have to pay for the "Pro" edition to get.