Popular antivirus extension from AVG puts millions of Chrome users in danger

One of the most popular browser-based solutions for Internet security might be more dangerous than not having any security at all. According to a bug report filed by a Google employee on December 15th, the AVG Web TuneUp extension is disabling web security on Chrome for over 9 million users. 

READ MORE: 9 ‘Star Wars: The Force Awakens’ fun facts you didn’t see in the movie

As gHacks explains, AVG’s extension was always problematic. It changes startup settings that might negatively affect a given user’s experience with the Chrome browser, it’s nearly impossible to change any modified settings without disabling the extension altogether and its privacy policy states that AVG can collect and sell non-identifiable user data to third parties.

But that’s nothing compared to the complaint from Google:

“Apologies for my harsh tone, but I’m really not thrilled about this trash being installed for Chrome users. The extension is so badly broken that I’m not sure whether I should be reporting it to you as a vulnerability, or asking the extension abuse team to investigate if it’s a PuP.

Nevertheless, my concern is that your security software is disabling web security for 9 million Chrome users, apparently so that you can hijack search settings and the new tab page.

There are multiple obvious attacks possible, for example, here is a trivial universal xss in the “navigate” API that can allow any website to execute script in the context of any other domain. For example, attacker.com can read email from mail.google.com, or corp.avg.com, or whatever else.”

AVG released a fix shortly after this report was filed, but Google denied it. It didn’t fix the issue. AVG issued a second update on December 21st, and that one was accepted by Google, but the team has disabled inline installations just in case.

If you have the AVG Web TuneUp extension, you might want to consider another security solution.

Source: Popular antivirus extension from AVG puts millions of Chrome users in danger

Advertisements

About steventorresramos

I have over (24) years of Computer Aided Drafting & Design experience and over (16) years of IT experience. After graduating high school I attended a Technical College and earned an Associate Degree in Drafting & Design. I then enrolled at the University of Puerto Rico where I earned an A.S. in Civil Engineering Technologies. While attending the Univ. of Puerto Rico I worked as a freelance Drafter for a variety of architects and engineers. During my senior year I began to work for the firm Planning Management & Development in Ponce, Puerto Rico. Two years later I was offered the position at Mario Corsino & Associates, which later became InterGroup a medium size Civil Engineering, Architectural and Planning firm in Bayamon, Puerto Rico. At InterGroup I became assistant chief drafter where I was responsible for 20+ drafters & civil techs, and this is also where I began my IT training. In 2000 I decided to move to St. Petersburg, FL where I was hired as CAD Manager at Advanced Engineering & Design a small Civil Engineering firm established in 1998. Currently still employed by Advanced Engineering & Design I’m now the CAD/IT Manager. I have also continued to expand my knowledge base in both the IT & CADD fields through continued training, certifications, and attending Autodesk University. I’m currently an Autodesk Certified Professional proficient in AutoCAD, Civil 3D and various other Autodesk products. I have been the President of the Tampa Bay Autodesk Users Group (TBAUG) since late 2007 and a member of Autodesk Users Group International (AUGI) since 1996. I have an A.S. Degree in Computer Networking , a Bachelors of Applied Science in Technology Management and currently finishing work on my Masters in Computer Information Systems. I’m a licensed drafter in the US Commonwealth of Puerto Rico, and a Microsoft Certified Professional. I hold certificates as a Microsoft Certified IT Professional: Server Administrator, Cisco Networking Associate Professional and Linux Administrator.
This entry was posted in Uncategorized. Bookmark the permalink.

One Response to Popular antivirus extension from AVG puts millions of Chrome users in danger

  1. Karen Vance says:

    Thank you! I’m going to search what PuP is 🙂

    On Mon, Jan 4, 2016 at 10:46 AM, Its my life, youre just along for the

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s