Published on February 14th, 2020
Written by Aanand Krishnan, CEO and Founder of Tala Security

Imagine this: a potential new customer is drawn to your latest marketing campaign. He goes to your website and browses your products, finding exactly what he needs. But right before he moves to purchase the product, his attention is diverted to something flashing in the corner. It’s an ad for one of your competitors, displayed right on your own company’s website. The customer clicks the ad and buys from your competitor.

Here’s another scenario: a loyal customer returns to your site to purchase additional products. She’s had a positive experience with your company before, but this time she’s inundated with obnoxious pop-ups. She tries to close them all, but the page is loading too slowly, so she closes your site and decides to shop elsewhere.

You’ve undoubtedly worked hard to create the ideal customer experience on your website, yet situations like these are still possible thanks to browser-injected ads.

What are Browser-Injected Ads?

Browser-injected ads are ads that appear to a customer on your website without your permission. They usually come from infected browser extensions or web applications. For something that doesn’t get a lot of attention from retailers, the problem is widespread.

In early 2015 Google reported that they had already received more than 100,000 complaints from Chrome users about ad injection since the beginning of the year—more than network errors, performance problems, or any other issue. They found that over 50,000 browser extensions and 34,000 software applications injected ads.

Many website operators don’t even recognize that they have a browser-injected ads problem. Since the ads come from the customers’ browsers, the retailer can’t see them. And unlike other glitches on your website, your customers aren’t likely to report browser-injected ads to you. If they’re being diverted to discounted competitor products, they likely are just fine with the situation. Even if they’re unhappy with the injected content, many customers won’t understand that the source is not your company but their own browsers.

Why Does it Matter?

Most eCommerce businesses don’t think a lot about browser-injected ads because they can’t see them. Unfortunately, the impact can be huge.

A common type of browser-injected content is competitor advertising. A visitor to your site might see an ad for discounted competitor products like yours or even an unflattering price comparison. Think of the financial impact if even one in ten visitors who see this ad decide to follow it.

Some injected ads are simply annoying. You’ve probably closed out of a website yourself when the pop-ups got too intrusive or videos wouldn’t stop playing automatically. Such ads can also slow the load time of your website. Did you know that over half of mobile website visitors leave a page that takes longer than three seconds to load?

In other cases, the browser-injected ads might even be for adult content. If customers are forced to see inappropriate ads while shopping on your site, your brand reputation could be permanently damaged.

How to Block Browser-Injected Ads

Because ad injection is a client-side problem stemming from your customers’ browsers, traditional security strategies do nothing to combat browser-injected ads. The standards-based security tools that are available to safeguard the client-side are infrequently deployed. To prevent injected ads and retain your customers’ interest and trust, you’ll need a client-side solution.

Some of the client-side tools on the market successfully monitor what’s happening in the browser, but lack the capability to automatically block unwanted content. Tala offers proven solutions that prevent client-side attacks, including the injection of unwanted ads, with zero impact on website performance. After extracting 50+ behaviors on every page of your website, Tala automatically identifies the sources of code and content on a page. This allows it to detect and block unwanted injections in real-time.

Client-side attacks of all kinds are becoming more common. The same Tala technology that blocks browser-injected ads will help you fight some of today’s biggest threats, such as Magecart, formjacking, cookie stealing, cross-site scripting (XSS), and future cyber threats we have yet to see.

Beat the Competition

By eliminating browser-injected ads, you can increase conversions, reduce shopping cart abandonment, improve website performance, and protect the reputation of your brand. Blocking ad injection is a no-brainer.

Most companies are still failing to protect against client-side threats, including browser-injected ads. Defending your customers’ browsers against unwanted third-party content will give your eCommerce business a competitive edge.


Aanand Krishnan, CEO and Founder of Tala Security

Aanand Krishnan, CEO and Founder of Tala Security

Aanand Krishnan is the CEO and Founder of Tala Security. Prior to Tala, Aanand was most recently a senior director of product management at Symantec where he built Symantec’s first big data security analytics platform and led key strategy projects that helped establish the company’s vision and strategic focus. Aanand spent several years in investment banking at and mergers and acquisitions at Morgan Stanley and Dolby Labs and acted as an adviser to leading security software, semiconductor and clean tech companies. He started his career building high-speed optical networking products at Agilent Technologies. Aanand holds an MBA from Berkeley where he was a recipient of CJ White Fellowship, a Masters in Photonics and Optoelectronics from UC Santa Barbara where he was a QUEST Fellow and a Bachelors in Electrical Engineering with Honors from BITS, Pilani.

Find Aanand on LinkedIn


Sign up for our Newsletter

Hand-picked security content for security professionals.