Adobe rolled out a set of patches for Acrobat, Adobe Reader, and Flash on Patch Tuesday this week, and the update had an unwelcome surprise in store for Chrome users. After updating their systems, they found that Chrome was prompting them to enable an extension from Adobe.
The extension does a couple of things; it provides a quick way to convert a Web page into a PDF if you have a full, paid version of Acrobat, and it lets you choose to open PDFs in Adobe Reader rather than using Chrome’s built-in PDF support. This is occasionally useful for using PDF features that the browser-based support doesn’t offer. The extension has existed for some years. The new more aggressive distribution is new, however. The plugin seeks permission to do three things; “read and change all data on the websites you visit,” “manage your downloads,” and “communicate with cooperating native applications.” The level of access required appears to be consistent with the plugin’s stated purpose; as it can make a PDF of any page, it needs to have access to any page, and Chrome does not distinguish between extensions that read from pages and those that modify them.
The extension also collects basic information and sends this to Adobe. This tracking appears to be on by default, though it can be disabled through the extension’s options page. Adobe states that this information is anonymous and does not include URL data.