The reason why people have anti-virus applications on their computers is so that they are protected from threats. But in the case of an browser extension for the Chrome browser put out by anti-virus maker AVG, it exposes you to danger.
Tavis Ormandy, a Google Project Zero researcher who has been auditing anti-virus software found the extension was riddled with vulnerabilities. The extension in question is Web TuneUp which is installed with AVG’s anti-virus package. It’s job is to stop Chrome users from surfing to websites hosting malware. But according to Ormandy, it exposes your browsing history for any miscreant to see and use in nefarious ways. Plus it exposes you to man-in-the-middle attacks and the possibility of hijacking attacks. By the way, this extension is forced upon you and you have no choice but to install it when you install AVG Anti-Virus.
#fail
He was so ticked, he sent this e-mail to AVG:
Hello, I’ve just been looking at your antivirus product, and the first thing I noticed was you force install a Chrome extension called “AVG Web TuneUp” with extension id chfdnecihphmhljaaejmgoiahnihplgn. I can see from our statistics it has nearly 9 million active Chrome users.
Apologies for my harsh tone, but I’m really not thrilled about this trash being installed for Chrome users. The extension is so badly broken that I’m not sure whether I should be reporting it to you as a vulnerability, or asking the extension abuse team to investigate if it’s a PuP.
Ouch. By the way, PuP stands for potentially unwanted program. Which is a nice way of saying that it’s malware. I’m sure that went over well at AVG headquarters. Fortunately AVG has since come up with a fix for this. But I’m guessing that Google aren’t the trusting sort as this extension cannot be force installed anymore. That gives users the option to run this or not.
One has to wonder what AVG was thinking when they came up with this as the bad press clearly shows that they might have needed to keep this browser extension in the over a bit longer.
Like this:
Like Loading...
Related
This entry was posted on December 30, 2015 at 8:39 am and is filed under Commentary with tags AVG. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
AVG Browser Extension For Chrome Exposes Users To Danger
The reason why people have anti-virus applications on their computers is so that they are protected from threats. But in the case of an browser extension for the Chrome browser put out by anti-virus maker AVG, it exposes you to danger.
Tavis Ormandy, a Google Project Zero researcher who has been auditing anti-virus software found the extension was riddled with vulnerabilities. The extension in question is Web TuneUp which is installed with AVG’s anti-virus package. It’s job is to stop Chrome users from surfing to websites hosting malware. But according to Ormandy, it exposes your browsing history for any miscreant to see and use in nefarious ways. Plus it exposes you to man-in-the-middle attacks and the possibility of hijacking attacks. By the way, this extension is forced upon you and you have no choice but to install it when you install AVG Anti-Virus.
#fail
He was so ticked, he sent this e-mail to AVG:
Hello, I’ve just been looking at your antivirus product, and the first thing I noticed was you force install a Chrome extension called “AVG Web TuneUp” with extension id chfdnecihphmhljaaejmgoiahnihplgn. I can see from our statistics it has nearly 9 million active Chrome users.
Apologies for my harsh tone, but I’m really not thrilled about this trash being installed for Chrome users. The extension is so badly broken that I’m not sure whether I should be reporting it to you as a vulnerability, or asking the extension abuse team to investigate if it’s a PuP.
Ouch. By the way, PuP stands for potentially unwanted program. Which is a nice way of saying that it’s malware. I’m sure that went over well at AVG headquarters. Fortunately AVG has since come up with a fix for this. But I’m guessing that Google aren’t the trusting sort as this extension cannot be force installed anymore. That gives users the option to run this or not.
One has to wonder what AVG was thinking when they came up with this as the bad press clearly shows that they might have needed to keep this browser extension in the over a bit longer.
Share this:
Like this:
Related
This entry was posted on December 30, 2015 at 8:39 am and is filed under Commentary with tags AVG. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.