AVG Chrome Extension Makes Users Vulnerable

Trusting your Anti-virus is paramount, just as trusting your VPN provider.

When you install AVG is convinces you that you need extra protection, by installing a browser plug-in it will make you safter on the internet.

As it turns out, this is not the case for AVG Chrome Extension Plugin Vulnerability

The extension called WebTuneUp, which will detect search results that might appear to harm you although Google Chrome already has a very good Malware / Bad site link checker and does a very good job at this.

The Impact

A free plugin installed by AVG AntiVirus bypassed the security of Google's Chrome browser, potentially exposing the browsing histories and other personal data of customers to the Internet. The vulnerability, demonstrated in an exploit by a Google researcher earlier this year, has now been patched after initial stumbling attempts by AVG, according to a discussion of the bug in Google's security research discussion list.

The plugin works by sending the Web addresses of sites visited by the user to AVG's servers to check them against a database of known malicious sites. But the way the plugin was constructed meant that information could be easily exploited by an attacker through cross-site scripting [XSS], according to a post by Google Security researcher Tavis Ormandy on December 15.

Patched

AVG AntiVirus has patchated the WebTuneUP chrome extension

Recommendation

Remove the plugin - Let Google Chrome use it's own internal malicious checks which means all your web traffic won't be sent to AVG Servers.

Remember this is the same company that owns Hidemyass VPN - Would you trust them with your data?