Google pulls AVG for flawed security extension that exposed user data

Ccleaner
Google has discovered that AVG’s free anti-malware tool Web TuneUp put up to nine million Chrome users at risk of exposing their personal data by altering settings in the browser.

As a result, AVG’s tool has been banned from automatically installing when a user installs the company’s anti-virus software. Currently there are about nine million people with the Web TuneUp extension installed in Chrome.

Tavis Ormandy, a Google Project Zero researcher, said the extension leaked browsing history and data online where a knowledgeable attacker could exploit the vulnerability to snoop on what sites a person had logged into. In one example, a malicious actor could hijack the Gmail account of an unsuspecting user or steal passwords.

Ormandy found that the extension was force installing itself and left users with no means to opt out. “Apologies for my harsh tone, but I’m really not thrilled about this trash being installed for Chrome users,” wrote Ormandy in an email to AVG, describing the extension as “so badly broken.”

“My concern is that your security software is disabling web security for 9 million Chrome users, apparently so that you can hijack search settings and the new tab page,” he said. “I hope the severity of this issue is clear to you, fixing it should be your highest priority.”

According to Ormandy’s correspondence with AVG, the initial patch did not solve the issue, but on Tuesday of this week the latest update was to his satisfaction. “The vulnerability has been fixed; the fixed version has been published and automatically updated to users,” said AVG in a statement, thanking Google for bringing it to its attention.

Regardless, the Web TuneUp extension has still been blocked from auto-installing. AVG has provided no further comment on the matter.

This is AVG’s second run-in this year with security pros who were carrying out audits of its software. In March, its software was found to have flawed code that could disable Windows security features. These sort of issues highlight how users should be especially cautious of software that promises protection as it could be doing the very opposite.

Mobile

Think iPhones can’t get viruses? Our expert explains why it could happen

If your iPhone has been acting strangely, then you may be concerned about the possibility it is infected with a virus or some malware. We take a look at just how likely that is and explain why iOS is considered relatively safe.
Social Media

Your Google+ public content will remain viewable on the web, if you want it to

Google's failed social network — Google+ — will soon be wiped from the internet, but there's a team of volunteers working right now to save its public content for the Internet Archive.
Mobile

Huawei has a bold Plan B should tensions affect its software relationships

Huawei has its own software for smartphones and computers prepared, should its relationship with Google and Microsoft be adversely affected by ongoing tensions between it and the U.S..
Mobile

Hey Google, why did you kill off Allo, your best messaging app in years?

Allo, Google's messaging app, has shut down. I convinced my closest friends and family to switch to the app two-and-a-half years ago when it debuted, and we've been using it since. With its death, I'm feeling pain and sadness.
Computing

Changing a PDF into an EPUB file is easier than you might think

If you like to read on a tablet or ebook reader, you'll find that ePUB files offer a number of advantages over PDFs. With this guide, we'll show you how to convert a PDF to EPUB in a few quick steps.
Computing

Confused about RSS? Don't be. Here's what it is and how to use it

What is an RSS feed, anyway? This traditional method of following online news is still plenty useful. Let's take a look at what RSS means, and what advantages it has in today's busy world.
Computing

This limited-time Dell deal cuts $330 off the price of the XPS 15

Dell is currently running a limited-time sale that is cutting the pricing on the XPS 15 down by $330, but only through Thursday, March 21, and with the use of a special coupon code. 
Computing

Here are the best affordable monitors for your budget desktop

Looking for the best budget monitors? These monitors are affordable, but still provide the features you need for gaming, work, home or other plans! Take a look at the displays and your wallet will thank you.
Mobile

Google hit with another fine by the EU, this time for $1.7 billion

Google has been fined for the third time by the EU, this time for breaching antitrust laws by requiring third-party websites using its search function to prioritize its ads over competitors.
Computing

If you have $5,200, Apple has 256GB of RAM for your iMac Pro

Professionals looking to run intensive applications will be able to push their work a bit further with Apple's latest iMac Pro, which holds 256GB of DD4 ECC RAM for $5,200. Here's why it costs so much to upgrade your iMac Pro to the top.
Computing

Don’t be fooled! Study exposes most popular phishing email subject lines

Phishing emails are on the rise and a new study out by the cybersecurity company Barracuda has exposed some of the most common phishing email subject lines used to exploit businesses. 
Deals

From Air to Pro, here are the best MacBook deals for March 2019

If you’re in the market for a new Apple laptop, let us make your work a little easier: We hunted down the best up-to-date MacBook deals available online right now from various retailers.
Product Review

The Lenovo Legion Y740 brings RTX 2080 graphics power for under $2,500

Coming with the Intel Core i7-8750H processor, Nvidia GeForce RTX 2080 Max-Q graphics, 16GB of RAM, and a 256GB PCIe NVMe SSD, the Legion Y740 one big beast. But priced at under $2,500 how does Lenovo’s Legion stand up against the crowd?
Computing

Oculus shows off the Rift S, plans to phase out its original VR headset

Oculus plans to phase out its flagship Rift VR headset for its newly created Rift S. The Rift S made its debut this week at the 2019 Game Developers Conference and is expected to be released in spring 2019.