AVG putting millions of Chrome users at risk by AVG support phone number
Security company AVG support phone number, well known for its free and commercial security products that offer a wide range of security-related safeguards and services, has put millions of Chrome users at risk recently by breaking Chrome security in a fundamental way in one of its extensions for the web browser.
AVG, like many other security companies offering free products, is using different monetization strategies to earn revenue from its free offerings AVG support number.
One part of the equation is getting customers to upgrade to paid versions of AVG and for a while, that was the only way things worked for companies like AVG support phone number.
The free version works fine on its own but is being used to advertise the paid version that is offering advanced features such as anti-spam or an enhanced firewall on top of that.
Security companies started to add other revenue streams to their free offerings, and one of the most prominent one in recent time involved the creation of browser extensions and the manipulation of the browser's default search engine, home page and new tab page that go along with it AVG support number.
Customers who install AVG software on their PC get a prompt in the end to safeguard their browsers. A click on ok in the interface installs AVG support phone number Web TuneUpin compatible browsers with minimal user interaction.
The extension has more than 8 million users according to the Chrome Web Store (according to Google's own statistics nearly nine million).
Doing so changes the home page, new tab page, and default search provider in the Chrome and Firefox web browser is installed on the system AVG phone number.
The extension that gets installed requests eight permissions including the permission to "read and change all data on all websites", "manage downloads", "communicate with cooperating native applications", "managing apps, extensions and themes", and changing home page, search settings and start page to a custom AVG support number search page.
Chrome notices the changes and will prompt users offering to restore settings to their previous values if the changes made by the extension were not intended AVG support number.
Quite a few issues arise from installing the extension, for instance, AVG phone number that it changes the startup setting to "open a specific page" ignoring the users choice AVG customer service number (for instance to continue the last session) AVG customer service number.
If that is not bad enough, it is quite difficult to modify changed settings without disabling the extension. If you check the Chrome settings after installation and activation of AVG Web TuneUp, you will notice that you cannot modify home page, start parameters or search providers any more AVG support phone number.
The main reason why these changes are made is money, not user security. AVG earns when users make searches and click on ads on the custom search engine they have created AVG support number.
If you add to this that the company announced recently in a privacy policy update that it will collect and sell -- nonidentifiable -- user data to third-parties, AVG phone number you end up with a scary product on its own AVG customer service number.
Security issue
A Google employee filed a bug report on December 15 stating that AVG Web TuneUp was disabling web security for nine million Chrome users. In a letter to AVG customer service phone number he wrote:
Apologies for my harsh tone, but I'm really not thrilled about this trash being installed for Chrome users. The extension is so badly broken that I'm not sure whether I should be reporting it to you as a vulnerability, AVG phone number or asking the extension abuse team to investigate if it's a PuP AVG customer service phone number.Nevertheless, my concern is that your security software is disabling web security for 9 million Chrome users, apparently so that you can hijack search settings and the new tab page AVG customer service phone number.There are multiple obvious attacks possible, for example, here is a trivial universal xss in the "navigate"AVG customer service phone number that can allow any website to execute script in the context of any other domain. For example, attacker.com can read email from mail.google.com, or corp.avg.com, or whatever else AVG helpline phone number.
Basically, AVG is putting Chrome users at risk through its extension which supposedly should make web browsing safer for Chrome users.
AVG responded with a fix several days later but it was rejected as it did not resolve the issue completely. The company tried to limit exposure by only accepting requests if the origin matches avg.com.
The issue with the fix was that AVG phone number only verified if avg.com was included in the origin which attackers could exploit by using subdomains that included the string, e.g. avg.com.www.example.com AVG customer service number.
Google's response made it clear that there was more at stake AVG helpline phone number.
Your proposed code doesn't require a secure origin, that means it permits http:// or https:// protocols when checking the hostname. Because of this, a network man in the middle can redirect a user to http://attack.avg.com, and supply javascript that opens a tab to a secure https origin, and then inject code into it. This means that a man in the middle can attack secure https sites like GMail, Banking, and so on v.To be absolutely clear: this means that AVG users have SSL disabled.
AVG's second update attempt on December 21 was accepted by Google, but Google did disable inline installations for the time being as possible policy violations were investigated AVG customer service number.
Closing Words
AVG put millions of Chrome users at risk and failed to deliver a proper patch the first time which did not resolve the issue. That's quite problematic for a company that is trying to protect users from threats on the Internet and locally AVG helpline phone number.
It would be interesting to see how beneficial, or not, all those security software extensions are that get installed alongside antivirus software. I would not be surprised if results came back that they do more harm than provide use to users.
Now You: Which antivirus solution are you using AVG helpline phone number?
Summary
Article Name
AVG putting millions of Chrome users at risk
Description
AVG put millions of Google Chrome users at risk through a security extension that the company prompts users to install.
Author
Martin Brinkmann
WE NEED YOUR HELP
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site AVG helpline phone number.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees AVG phone number.
If you like our content and would like to help, please consider making a contribution:
Comments
Post a Comment