Skip to main content

Google pulls AVG for flawed security extension that exposed user data

researchers use ambient light sensor data to steal browser exhausted man computer problems desk hacking hackers malware frust
Shutterstock
Google has discovered that AVG’s free anti-malware tool Web TuneUp put up to nine million Chrome users at risk of exposing their personal data by altering settings in the browser.

As a result, AVG’s tool has been banned from automatically installing when a user installs the company’s anti-virus software. Currently there are about nine million people with the Web TuneUp extension installed in Chrome.

Recommended Videos

Tavis Ormandy, a Google Project Zero researcher, said the extension leaked browsing history and data online where a knowledgeable attacker could exploit the vulnerability to snoop on what sites a person had logged into. In one example, a malicious actor could hijack the Gmail account of an unsuspecting user or steal passwords.

Ormandy found that the extension was force installing itself and left users with no means to opt out. “Apologies for my harsh tone, but I’m really not thrilled about this trash being installed for Chrome users,” wrote Ormandy in an email to AVG, describing the extension as “so badly broken.”

“My concern is that your security software is disabling web security for 9 million Chrome users, apparently so that you can hijack search settings and the new tab page,” he said. “I hope the severity of this issue is clear to you, fixing it should be your highest priority.”

According to Ormandy’s correspondence with AVG, the initial patch did not solve the issue, but on Tuesday of this week the latest update was to his satisfaction. “The vulnerability has been fixed; the fixed version has been published and automatically updated to users,” said AVG in a statement, thanking Google for bringing it to its attention.

Regardless, the Web TuneUp extension has still been blocked from auto-installing. AVG has provided no further comment on the matter.

This is AVG’s second run-in this year with security pros who were carrying out audits of its software. In March, its software was found to have flawed code that could disable Windows security features. These sort of issues highlight how users should be especially cautious of software that promises protection as it could be doing the very opposite.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Intel’s new Core Ultra 9 285K may struggle against its predecessor
Intel's 14900K CPU socketed in a motherboard.

Intel Arrow Lake processors are here, and the Core Ultra 9 285K stands at the top of the lineup as Intel's current best CPU. However, the chip faces a lot of competition not just from AMD, but also from Intel's own last-gen Raptor Lake refresh. Even Intel itself can't deny that performance-wise, the Core Ultra 9 285K and the Core i9-14900K are not that far off.

Although the performance uplift might be subtle (or even non-existent) at times, Intel's Core Ultra 9 285K does bring some interesting changes. Here's a rundown of how the Core Ultra 9 285K and the Core i9-14900K stack up against each other.
Pricing and availability

Read more
Apple is hoping to one-up Meta with its own smart glasses
Person wearing Meta Orion smart glasses.

Apple has been stuck in an innovation rut for the past few years. Aside from the Vision Pro headset — which expectedly didn’t gain a mass reception — the company hasn’t made any notable hardware strides apart from its bread-and-butter mobility and computing portfolio. That could change in the next few years.

According to Bloomberg, Apple’s Vision Pro team is working on smart glasses to tackle the challenge presented by a resurgent Meta. The social media giant has already scored an early lead with the well-received Meta Ray-Ban smart glasses, which have steadily received meaningful social and AI upgrades.

Read more
The Intel Core Ultra 9 285K is already facing an uphill battle
Intel Core Ultra 9 285K CPU box packaging.

The consensus during the launch of a new PC hardware component is that it is faster or more powerful compared to the outgoing model or competition. But that may not be the case with Intel’s latest Arrow Lake-S CPUs. The first crop of Intel’s Core Ultra 200S desktop processors was officially unveiled yesterday and features five new SKUs led by the Core Ultra 9 285K.

By itself, the latest flagship is a very capable chip, but Intel says it is (in most cases) on par with last-gen’s Core i9-14900K. The catch here is that the entire Arrow Lake-S lineup consumes less power, thus generating less heat. That is great news for general consumers and enthusiasts who are particularly worried about high electricity costs and thermal management.

Read more