Not the GP, but just last week Google automatically removed a single use extension (https://readermode.io) from my browser after flagging it as malware (as I recall the extension updated itself a day before the removal). The extension has also been taken down from the Chrome web store (https://chromewebstore.google.com/detail/reader-mode/llimhhc...) though Google hasn't provided any details about what it was doing that led to the removal.
I think the asymmetry in payoffs explains this, since a bad actor who baits and switches their extension could do massive damage to users. So google try to catch this behaviour and inevitably have some false positives (extensions labelled malware that actually aren't). The cost of a false positive is annoyance. The cost of real malware getting through could be your bank balance.
Automatic extension updates is a stupid practice. The attack surface for a legit extension is minimal, while being huge for a malware update. I'm against almost all automatic software updates in general, but browser extensions take the cake for having an obscene cost/benefit ratio. Chrome won't even let you turn it off. Personally I extract and load all my extensions in developer mode.
the alternative is leaving software eternally insecure as people will not update them. and of those that will, 99.99% (probably not an exaggeration) will not have the interest, time, or ability to review code changes before updating.
There are some core technologies that should be updated automatically as the cost/benefit is well in favor of updates (by default, but with an option to turn it off). But the fact that we're at the point of all software updating automatically with zero acknowledgement that there is even a cost associated with it is a huge problem. Ostensibly a security practice but now serves as a means for software distributors to extract the maximum value from their users. The pendulum is well overdue for a swing back towards the middle.
There are several complains in the reviews, though it all seems a bit bizarre in that the issue was with an opt-in so-called "eco-mode" that basically was throwing pop-ups with affiliate links.
I can't answer that question I'm afraid. I disabled somewhere in the region of 5-10 extensions and it would have required more effort than I cared to exert to figure out which was the culprit. This means that I can't categorically state an extension was to blame, but there was a strong correlation between my removing them and the spurious likes stopping.
> Which of your single use extensions was causing you to like things on Facebook?
Are you saying tons of your single-use extensions caused this Facebook liking, and a custom download page was one of them? Or was this meant to be a response to https://news.ycombinator.com/item?id=42492881?
(Or maybe something's wrong with parent links today. For me, on the main page, they are now turning into anchored links that don't seem to go where intended, which wasn't happening yesterday.)