Sunday, January 24, 2016

AVG Web TuneUp Exposes Users' Personal Data

Google has found a serious security flaw in AVG’s web extension ‘Web TuneUp’, forcing AVG to update the extension. Google says that the extension overrides the Google Chrome browser’s built-in safety features.

‘Web TuneUp’ is a browser add-on provided by AVG to protect its users from the web’s hidden threats, such as malware sites, which it does by comparing them against AVG’s own database. Web TuneUp is provided for free by AVG; users can download it from the Chrome Web Store. It also comes bundled with AVG’s antivirus software.

In December, Google’s security research team found that the web extension was ignoring Chrome’s security features, which led to the personal data of nine million Chrome users, including their internet history, being leaked to the internet. Google security researcher Tavis Ormandy also said that the tool was leaving users vulnerable to being spied on by hackers by exposing their email content and web habits.

In mid-December, Google security analyst Tavis Ormandy sent what he described as an “angry e-mail” to the security firm, calling AVG’s web extension “trash”. He suggested AVG bypassed Chrome’s security settings in order to “hijack search setting and the new tab page”, adding that fixing it should be AVG’s topmost priority.

“This extension is so badly broken that I’m not sure whether I should be reporting it as a vulnerability, or asking the extension abuse team to investigate if it’s a PUP [potentially unwanted program]”, Ormandy wrote to AVG.

In response to Google’s complaint, AVG released a broken patch on December 19, which Google immediately rejected. A second effort on December 28 was more successful, which was a little too late for Google’s liking.

1 comment:

  1. Mails and responses between AVG and Google security Team (https://code.google.com/p/google-security-research/issues/detail?id=675)
