AVG force-installed vulnerable ‘broken’ Chrome extension



Google Security Research has criticized AVG for “force installing” AVG Web Tuneup, a Chrome extension which could be exploited to reveal “browsing history and other data to the internet”.


And it only gets worse, the report claims.

This extension adds numerous JavaScript API’s to chrome, apparently so that they can

hijack search settings and the new tab page.

The installation process is quite complicated so that they can bypass the chrome malware checks, which specifically tries to stop abuse of the extension API.

The Google researcher’s verdict was damning: “I’m really not thrilled about this trash being installed for Chrome users… your security software is disabling web security for 9 million Chrome users, apparently so that you can hijack search settings and the new tab page”.

Fortunately AVG has since come up with a fix, and although Google seems unenthusiastic (“I

think this is the best we’re likely to get”) the company has declared that “this issue is resolved now”.

Even better, there’s no more “force installing”. You can decline the toolbar when offered it by the AVG Antivirus installer, and even if you don’t, Google has disabled its inline installation so you’ll be prompted to accept it (or not) when Chrome next restarts.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s