Beware of Chrome extensions, the mantra of the safest browser is now just cant (read the same for Firefox)
It seems that the adware creates a fake extension with other legit extension ID present in Google Chrome Web Store (only those are allowed in stable Chrome), which uses a manifest.json loading the ads script. I don't know, if an extension ID is picked randomly
e.g. CHR Extension: (bmejphbfclcpmpohkggcjeibfilpamia) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmejphbfclcpmpohkggcjeibfilpamia [2015-04-06]
Note that the ID itself is legit and refers to Netcraft Extension officially hosted on Chrome Web Store:
But that is NOT the Netcraft Extension, but a false copy:
I will not post the code as Avast alerts on it
The problem is with the amount of extensions people have on Chrome and Firefox it is impossible to check them all. So from now on if only "legitimate" ID appear in either browser I will be asking for an uninstall
Something similar is happening on Firefox
