A report has been published of
multiple vulnerabilities in a Chrome extension installed by AVG AntiVirus. The bug report linked is somewhat technical, but until a week ago, this basically allowed any website you visit to access any other pages you may have open, your browsing history, and probably more.
A fix provided a week ago by AVG reduces this vulnerability to hijacking via XSS vulnerabilities on AVG's own website, which appear to be fairly easy to find. In other words, completely owning your Chrome session has gone from trivial to very easy.
In summary,
this allows an attacker to very easily gain access to any web-based e-mail, banking and other sensitive and/or financial services you use.
Any AVG users probably want to permanently uninstall their software and make sure the "Web TuneUp" Chrome extension is removed as well.