Skip to main content

Another flaw discovered in a security software product — this time it’s Avast

Dangerous flaws have been discovered in the Avast SafeZone browser by antivirus provider Avast, making it the next in a long line of security companies recently that have had vulnerabilities found in their products.

Avast SafeZone, also known as Avastium, is based on the open source Chromium browser and comes with Avast’s subscription to its antivirus software.

Recommended Videos

Last December, Google Project Zero security researcher Tavis Ormandy notified the company of flaws he found in the browser that could allow an attacker to access stored passwords and local files. He made his notification public this week.

According to Ormandy, a user can fall prey to someone accessing their browser if they click on a malicious website set up by the attacker. Ormandy created a proof of concept attack that could exploit someone’s C:/ drive and access files. He also discovered that Avast’s browser had removed a “critical security check” from Chromium that would help in preventing these kinds of attacks.

“Putting this all together, if an Avast user using *any* Web browser visits an attacker controlled URL, he can launch Avastium and take complete control of it; reading files, cookies, passwords, everything,” said Ormandy. “He can even take control of authenticated sessions and read email, interact with online banking, etc.”

Avast published a patch for the vulnerability this week after Ormandy gave a 90-day period before going public.

Ormandy has been busy of late discovering holes and bugs in security software. This week he went public with flaws in Comodo’s browser, which is also based on Chromium while before that he published research into Malwarebytes that showed it was susceptible to man in the middle attacks.

Several antivirus and security vendors have come under scrutiny in the last few weeks for flaws in their software. Kaspersky Lab, McAfee, and AVG all had flaws discovered in their software recently.

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
A coding blunder just ruined a moment of joy for lottery winners
Eurojackpot lottery slips.

Imagine the joy of being notified of a huge lottery win. What would be the first thing you’d do? Get the champagne in? Book a fancy vacation? Call your boss and tell him where to go?

And then imagine being informed that the notification had, in fact, been sent in error. Well, you can always send the booze back and cancel the holiday, but trying to convince your boss that you were just joking ... well, that may be a bigger challenge.

Read more
This TP-Link Wi-Fi 6 router is 45% off in early Prime Day deal
The TP-Link AX1800 Archer AX21 Wi-FI 6 Router on a white background.

If you're planning to buy a new router to improve your home's Wi-Fi network, the good news is that you don't have to wait for Prime Day 2025 to take advantage of huge discounts on router deals from Amazon. Here's an excellent offer — the TP-Link Archer AX21 with an eye-catching 45% discount, which drops its price from $100 to just $55. The $45 in savings will only be available for a limited time though, so you better act fast and proceed with your purchase immediately as this early Prime Day deal may disappear at any moment.

Buy Now

Read more
Watch these AI humanoid robots play soccer like Mbappé … sort of
Humanoid robots playing soccer.

Watching these humanoid robots battle it out on the soccer field, you quickly realize that Kylian Mbappé and his fellow professionals really have little to worry about. At least, for now.

The footage (top) was captured last week in Beijing at the RoBoLeague World Robot Soccer League, China's first-ever three-on-three humanoid robot soccer league.

Read more