Popular antivirus company, AVG who oath to protect our online security and keep our data safe is actually turns out to expose millions of users data because of a critical security flaw in its Chrome extension. It seems that if you have been using AVG’s Web TuneUp Chrome extension, there is a good chance that you could have been exposed.
Because of the security flaw Google has banned AVG from automatically installing its Web TuneUp Chrome extension. Report says that about 9 million users data has been exposed because of this critical security flaw.
Tavis Ormandy – a Google Project Zero researcher who has been auditing antivirus software – found the extension was riddled with vulnerabilities. Web TuneUp is installed with AVG’s antivirus package, and attempts to stop Chrome users from surfing to websites hosting malware. It is used by 9,050,432 people.
Security Flaw in AVG Web TuneUp Chrome Extension
Also Read : Top High-Profile Hacking Attacks of 2015
AVG nuked the reported vulnerabilities in version 184.108.40.206 of Web TuneUp, which was released last week. However, it is understood AVG is no longer allowed to install the extension automatically – it must be fetched manually from the Chrome Web Store if users really want it – and that the store team is investigating the widget for potential Google policy violations.
“We thank the Google Security Research Team for making us aware of the vulnerability with the Web TuneUp optional Chrome extension. The vulnerability has been fixed; the fixed version has been published and automatically updated to users,” — an AVG spokesperson told The Register.
As of today, the issue has been closed. That’s certainly good news for Chrome users that are running Web TuneUp, though it might not be a bad idea for those folks to just head to their extensions page and remove it entirely.
Are you using Web TuneUp Chrome extension? Then its the time to remove it.