Online Parsifal

AVG AntiVirus force-installs vulnerable Chrome extension
« on: December 29, 2015, 07:09:28 AM »
A report has been published of multiple vulnerabilities in a Chrome extension installed by AVG AntiVirus. The bug report linked is somewhat technical, but until a week ago, this basically allowed any website you visit to access any other pages you may have open, your browsing history, and probably more.

A fix provided a week ago by AVG reduces this vulnerability to hijacking via XSS vulnerabilities on AVG's own website, which appear to be fairly easy to find. In other words, completely owning your Chrome session has gone from trivial to very easy.

In summary, this allows an attacker to very easily gain access to any web-based e-mail, banking and other sensitive and/or financial services you use.

Any AVG users probably want to permanently uninstall their software and make sure the "Web TuneUp" Chrome extension is removed as well.
« Last Edit: December 29, 2015, 07:14:07 AM by Parsifal »
There is free speech and there is being an annoying twat. This user is exercising his right to the latter.

Re: AVG AntiVirus force-installs vulnerable Chrome extension
« Reply #1 on: December 29, 2015, 07:22:59 AM »
Welp... Glad I stick with Bitdefender.

Offline Misero

Re: AVG AntiVirus force-installs vulnerable Chrome extension
« Reply #2 on: December 31, 2015, 02:35:23 PM »
Avast!
Nobody should ever follow my standard.  I am the worst moderator ever.
Yes, I'll still keep that in mind on this forum too.