Popular antivirus extension from AVG puts millions of Chrome users in danger

January 1st, 2016 at 4:14 PM
AVG Antivirus Chrome Security Issues

One of the most popular browser-based solutions for Internet security might be more dangerous than not having any security at all. According to a bug report filed by a Google employee on December 15th, the AVG Web TuneUp extension is disabling web security on Chrome for over 9 million users. 


As gHacks explains, AVG’s extension was always problematic. It changes startup settings that might negatively affect a given user’s experience with the Chrome browser; it’s nearly impossible to change any modified settings without disabling the extension altogether; and its privacy policy states that AVG can collect and sell non-identifiable user data to third parties.

But that’s nothing compared to the complaint from Google:

“Apologies for my harsh tone, but I’m really not thrilled about this trash being installed for Chrome users. The extension is so badly broken that I’m not sure whether I should be reporting it to you as a vulnerability, or asking the extension abuse team to investigate if it’s a PuP.

Nevertheless, my concern is that your security software is disabling web security for 9 million Chrome users, apparently so that you can hijack search settings and the new tab page.

There are multiple obvious attacks possible, for example, here is a trivial universal xss in the “navigate” API that can allow any website to execute script in the context of any other domain. For example, attacker.com can read email from mail.google.com, or corp.avg.com, or whatever else.”

AVG released a fix shortly after this report was filed, but Google rejected it: it didn’t fix the issue. AVG issued a second update on December 21st, and that one was accepted by Google, but the team has disabled inline installations just in case.

If you have the AVG Web TuneUp extension, you might want to consider another security solution.

Jacob started covering video games and technology in college as a hobby, but it quickly became clear to him that this was what he wanted to do for a living. He currently resides in New York writing for BGR. His previously published work can be found on TechHive, VentureBeat and Game Rant.



