Skip to main content

AVG putting millions of Chrome users at risk

AVG putting millions of Chrome users at risk by AVG support phone number


Security company AVG support phone number, well known for its free and commercial security products that offer a wide range of security-related safeguards and services, has put millions of Chrome users at risk recently by breaking Chrome security in a fundamental way in one of its extensions for the web browser.

AVG, like many other security companies offering free products, is using different monetization strategies to earn revenue from its free offerings AVG support number.
One part of the equation is getting customers to upgrade to paid versions of AVG and for a while, that was the only way things worked for companies like AVG support phone number.
The free version works fine on its own but is being used to advertise the paid version that is offering advanced features such as anti-spam or an enhanced firewall on top of that.
avg web tuneup
Security companies started to add other revenue streams to their free offerings, and one of the most prominent one in recent time involved the creation of browser extensions and the manipulation of the browser's default search engine, home page and new tab page that go along with it AVG support number.
Customers who install AVG software on their PC get a prompt in the end to safeguard their browsers. A click on ok in the interface installs AVG support phone number Web TuneUpin compatible browsers with minimal user interaction.
The extension has more than 8 million users according to the Chrome Web Store (according to Google's own statistics nearly nine million).
Doing so changes the home page, new tab page, and default search provider in the Chrome and Firefox web browser is installed on the system AVG phone number.
The extension that gets installed requests eight permissions including the permission to "read and change all data on all websites", "manage downloads", "communicate with cooperating native applications", "managing apps, extensions and themes", and changing home page, search settings and start page to a custom AVG support number search page.
avg web tuneup permissions
Chrome notices the changes and will prompt users offering to restore settings to their previous values if the changes made by the extension were not intended AVG support number.
Quite a few issues arise from installing the extension, for instance, AVG phone number that it changes the startup setting to "open a specific page" ignoring the users choice AVG customer service number (for instance to continue the last session) AVG customer service number.
If that is not bad enough, it is quite difficult to modify changed settings without disabling the extension. If you check the Chrome settings after installation and activation of AVG Web TuneUp, you will notice that you cannot modify home page, start parameters or search providers any more AVG support phone number.
chrome settings blocked
The main reason why these changes are made is money, not user security. AVG earns when users make searches and click on ads on the custom search engine they have created AVG support number.
If you add to this that the company announced recently in a privacy policy update that it will collect and sell -- nonidentifiable -- user data to third-parties, AVG phone number you end up with a scary product on its own AVG customer service number.
Security issue
A Google employee filed a bug report on December 15 stating that AVG Web TuneUp was disabling web security for nine million Chrome users. In a letter to AVG customer service phone number he wrote:
Apologies for my harsh tone, but I'm really not thrilled about this trash being installed for Chrome users. The extension is so badly broken that I'm not sure whether I should be reporting it to you as a vulnerability, AVG phone number or asking the extension abuse team to investigate if it's a PuP AVG customer service phone number.
Nevertheless, my concern is that your security software is disabling web security for 9 million Chrome users, apparently so that you can hijack search settings and the new tab page AVG customer service phone number.
There are multiple obvious attacks possible, for example, here is a trivial universal xss in the "navigate"AVG customer service phone number that can allow any website to execute script in the context of any other domain. For example, attacker.com can read email from mail.google.com, or corp.avg.com, or whatever else AVG helpline phone number.
Basically, AVG is putting Chrome users at risk through its extension which supposedly should make web browsing safer for Chrome users.
AVG responded with a fix several days later but it was rejected as it did not resolve the issue completely. The company tried to limit exposure by only accepting requests if the origin matches avg.com.
The issue with the fix was that AVG phone number only verified if avg.com was included in the origin which attackers could exploit by using subdomains that included the string, e.g. avg.com.www.example.com AVG customer service number.
Google's response made it clear that there was more at stake AVG helpline phone number.
Your proposed code doesn't require a secure origin, that means it permits http:// or https:// protocols when checking the hostname. Because of this, a network man in the middle can redirect a user to http://attack.avg.com, and supply javascript that opens a tab to a secure https origin, and then inject code into it. This means that a man in the middle can attack secure https sites like GMail, Banking, and so on v.
To be absolutely clear: this means that AVG users have SSL disabled.
AVG's second update attempt on December 21 was accepted by Google, but Google did disable inline installations for the time being as possible policy violations were investigated AVG customer service number.
Closing Words
AVG put millions of Chrome users at risk and failed to deliver a proper patch the first time which did not resolve the issue. That's quite problematic for a company that is trying to protect users from threats on the Internet and locally AVG helpline phone number.
It would be interesting to see how beneficial, or not, all those security software extensions are that get installed alongside antivirus software. I would not be surprised if results came back that they do more harm than provide use to users.
Now You: Which antivirus solution are you using AVG helpline phone number?
Summary
AVG putting millions of Chrome users at risk
Article Name
AVG putting millions of Chrome users at risk
Description
AVG put millions of Google Chrome users at risk through a security extension that the company prompts users to install.
Author

WE NEED YOUR HELP

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site AVG helpline phone number.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees AVG phone number.
If you like our content and would like to help, please consider making a contribution:

Comments

Popular posts from this blog

5 Most Common BitDefender Issues And How To Solve Them

BitDefender is one of the best online security suites on the market, but that doesn’t mean it isn’t without issues. Given the vast number of applications and uses it has to contend with, there’s bound to be a few problems here and there. Fortunately, these problems can be solved. Here are some of the most common BitDefender issues you might run into and what you can do about them  Bitdefender support phone number. 1. SSL Scanning BreaksSecure Sites and Apps by Bitdefender support phone number One common Bitdefender customer service number  problem appears to be a conflict with Microsoft Outlook, the popular email and time management tool. But upon closer inspection, it seems that the issue here is less about the application itself and more to do with SSL certificates. This particular issue can also crop up with websites and even some online games. If you’re having a problem with SSL certificates that cannot be verified (usually due to them be...

Quicken 2019 Troubleshooting Tips

Quicken 2019 Troubleshooting Tips by Quicken support phone number When using Quicken 2019, you probably want not only specific, step-by-step information about how to use the program, but also troubleshooting advice. Following are some techniques and tactics that you can use to solve the inevitable problems you encounter while using Quicken in real-life settings  Quicken support phone number. Tactic #1: Use the Quicken Help file  Quicken support number You have some problem that you can’t solve by using Help, and it’s either a bug or some glaring error in the Quicken documentation. Upon further reflection, you may be thinking that you’ve encountered some problem that you can’t possibly solve by consulting the  Quicken support phone number  Help file. Maybe you’re right. But about half the time, the problem is that people don’t know enough about Quicken to know what to do. People simply experience a mechanical problem, and they can’t make the ...

How to fix Malwarebytes memory issues

Malwarebytes is a great antimalware tool, however, many users reported Malwarebytes support phone number memory issues. It seems that this application is using more memory than it should, and this can be a big problem and drastically impact your performance. However, there’s a way to fix this issue by Malwarebytes support phone number. Malwarebytes is a solid antimalware tool, but sometimes Malwarebytes memory issues can occur and cause various problems. Speaking of memory issues, here are some problems that users reported: Malwarebytes high memory usage windows 10, CPU usage Windows 10  – Sometimes high CPU or memory usage can appear with Malwarebytes. If that’s the case, try ending the process and change its priority to low Malwarebytes support phone number. Malwarebytes freezes computer  – This can be a serious problem, and in most cases, it’s caused by a corrupted installation. To fix the problem, update Malwarebytes to the latest version and check if that helps....