Skip to main content

Google pulls AVG for flawed security extension that exposed user data

researchers use ambient light sensor data to steal browser exhausted man computer problems desk hacking hackers malware frust
Google has discovered that AVG’s free anti-malware tool Web TuneUp put up to nine million Chrome users at risk of exposing their personal data by altering settings in the browser.

As a result, AVG’s tool has been banned from automatically installing when a user installs the company’s anti-virus software. Currently there are about nine million people with the Web TuneUp extension installed in Chrome.

Tavis Ormandy, a Google Project Zero researcher, said the extension leaked browsing history and data online where a knowledgeable attacker could exploit the vulnerability to snoop on what sites a person had logged into. In one example, a malicious actor could hijack the Gmail account of an unsuspecting user or steal passwords.

Ormandy found that the extension was force installing itself and left users with no means to opt out. “Apologies for my harsh tone, but I’m really not thrilled about this trash being installed for Chrome users,” wrote Ormandy in an email to AVG, describing the extension as “so badly broken.”

“My concern is that your security software is disabling web security for 9 million Chrome users, apparently so that you can hijack search settings and the new tab page,” he said. “I hope the severity of this issue is clear to you, fixing it should be your highest priority.”

According to Ormandy’s correspondence with AVG, the initial patch did not solve the issue, but on Tuesday of this week the latest update was to his satisfaction. “The vulnerability has been fixed; the fixed version has been published and automatically updated to users,” said AVG in a statement, thanking Google for bringing it to its attention.

Regardless, the Web TuneUp extension has still been blocked from auto-installing. AVG has provided no further comment on the matter.

This is AVG’s second run-in this year with security pros who were carrying out audits of its software. In March, its software was found to have flawed code that could disable Windows security features. These sort of issues highlight how users should be especially cautious of software that promises protection as it could be doing the very opposite.

Editors' Recommendations

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
LG just knocked $300 off this 16-inch lightweight laptop
lg ultrapc 17 review front angled

For those people who are constantly on the go, grabbing a thin and light laptop makes life a lot easier, especially since they tend to weigh a lot less while also having very capable performance. Unfortunately, that does come at a bit of an extra cost, so we're happy to see this deal from LG on the UltraPC laptop that knocks it down to just $700 from its usual price of $1,000. That's an excellent price for a laptop that can outperform competitors at the same price range, even with the discounted price.

Why you should buy the LG UltraPC laptop
This new version of the Ultra PC is a big upgrade on the previous LG UltraPC laptop and follows the same lineup of LG's very thin laptops like the LG Gram 17, so LG has quite a lot of experience in this market. That's pretty obvious by the fact that the UltraPC has a tiny 0.64-inch thickness, making it thinner than many books. It doesn't lose out on other features, though, and it still comes with a pretty substantial 16-inch screen that runs a modified FHD resolution of 1920 x 1200, which may be a bit low for such a nice laptop, but it's not a dealbreaker if it helps keep the price down. The keyboard is also great to use, and while the previous version of the UltraPC had a comically small touchpad, this new one is a lot more substantial and useful.

Read more
How to do hanging indent on Google Docs
Google Docs in Firefox on a MacBook.

The hanging indent is a classic staple of word processing software. One such platform is Google Docs, which is completely free to start using. Google Docs is packed with all kinds of features and settings, to the point where some of its more basic capabilities are overlooked. Sure, there are plenty of interface elements you may never use, but something as useful as the hanging indent option should receive some kind of limelight.

Read more
How to disable VBS in Windows 11 to improve gaming
Highlighting VBS is disabled in Windows 11.

Windows 11's Virtualization Based Security features have been shown to have some impact on gaming performance — even if it isn't drastic. While you will be putting your system more at risk, if you're looking to min-max your gaming PC's performance, you can always disable it. Just follow the steps below to disable VBS in a few quick clicks.

Plus, later in this guide, we discuss if disabling VBS is really worth it, what you'd be losing if you choose to disable it, and other options for boosting your PCs gaming performance that don't necessarily involve messing with VBS.

Read more