Google today released a disturbing report detailing the vast reach of software programs that insert unwanted ads into internet users' browsing experiences. Unlike most reports about this subject matter, Google named names.

The practice, called ad injection, is often carried out by malicious browser extensions or misleading software download packages. The software places ads into websites across the web without permission, and its operators sell those ads for a profit, sometimes to leading brands.

"Deceptive ad injection is a significant problem on the web today," Google noted in a blog post. "We found 5.5% of unique IPs -- millions of users -- accessing Google sites that included some form of injected ads."

The Google report found that more than 50,000 browser extensions inject ads, an astonishing number.

Major retailers all sent traffic to their sites via ad injection, but did so unwittingly, Google said. More than 3,000 advertisers are caught in the ad injection ecosystem -- a problem Google said is hard for advertisers to detect. "Because advertisers are generally only able to measure the final click that drives traffic to their sites, they're often unaware of many preceding twists and turns, and don't know they are receiving traffic via unwanted software and malware," Google said.

One year ago, Ad Age detailed the inner workings of a major ad injection scheme. You can watch our video report here: