*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
AVG AntiVirus force-installs vulnerable Chrome extension
« on: December 29, 2015, 07:09:28 AM »
A report has been published of multiple vulnerabilities in a Chrome extension installed by AVG AntiVirus. The bug report linked is somewhat technical, but until a week ago, this basically allowed any website you visit to access any other pages you may have open, your browsing history, and probably more.

A fix provided a week ago by AVG reduces this vulnerability to hijacking via XSS vulnerabilities on AVG's own website, which appear to be fairly easy to find. In other words, completely owning your Chrome session has gone from trivial to very easy.

In summary, this allows an attacker to very easily gain access to any web-based e-mail, banking and other sensitive and/or financial services you use.

Any AVG users probably want to permanently uninstall their software and make sure the "Web TuneUp" Chrome extension is removed as well.
« Last Edit: December 29, 2015, 07:14:07 AM by Parsifal »
when you try to mock anyone while also running the flat earth society. Lol

*

Offline Lord Dave

  • *
  • Posts: 7653
  • Grumpy old man.
    • View Profile
Re: AVG AntiVirus force-installs vulnerable Chrome extension
« Reply #1 on: December 29, 2015, 07:22:59 AM »
Welp.... Glad I stick with bit defender.
If you are going to DebOOonK an expert then you have to at least provide a source with credentials of equal or greater relevance. Even then, it merely shows that some experts disagree with each other.

*

Offline Misero

  • *
  • Posts: 94
  • Evidence, Evidence, Evidence, and more Evidence.
    • View Profile
Re: AVG AntiVirus force-installs vulnerable Chrome extension
« Reply #2 on: December 31, 2015, 02:35:23 PM »
Avast!
Nobody should ever follow my standard.  I am the worst moderator ever.
Yes, I'll still keep that in mind on this forum too.