Google Derails AVG Anti-Malware After Discovering attainable Chrome knowledge Leak

with the aid of Laurie Sullivan @lauriesullivan, December 30, 2015

Google banned the AVG free anti-malware tool net TuneUp from routinely putting in in Chrome browsers after discovering it could put up to nine million users at risk of exposing private information after altering the settings.

AVG’s web TuneUp tool is a free obtain from the Chrome store to provide protection in opposition to malicious internet sites. The plugin works via sending the net addresses of web sites visited by way of the person to AVG’s servers to test them in opposition to a database of identified malicious web sites. unfortunately, the plugin used to be developed in a way that information may be easily exploited with the aid of an attacker.

Tavis Ormandy, a Google mission Zero researcher, stated the extension leaked on-line looking historical past and information for hundreds of thousands of Chrome customers, making it susceptible to hijack Gmail accounts, search settings and the new tab web page or steal passwords.

“Apologies for my harsh tone, however it’s not that i am thrilled about this trash being installed for Chrome customers,” Ormandy wrote in a forum. “The extension is so badly broken that i am no longer sure whether or not I will have to be reporting it to you as a vulnerability, or asking the extension abuse group to research if it’s a PuP.”

the outlet used to be discovered past this month. AVG’s preliminary patch did not clear up the problem, but as of December 28, AVG had accomplished a more secure patch.

“The vulnerability has been fixed,” per AVG. “The fastened model has been published and robotically updated to users.”

MediaPost.com: Search advertising day-to-day

(50)