Posted on 12/28/2015 6:57:10 PM PST by Utilizer
The AVG Web TuneUp Chrome extension, forcibly added to Google Chrome browsers when users were installing the AVG antivirus, had a serious flaw that allowed attackers to get the user's browsing history, cookies, and more.
The vulnerability was discovered by Google Project Zero researcher, Tavis Ormandy, who worked with AVG for the past two weeks to fix the issue. AVG Web TuneUp vulnerable to an universal XSS
As Mr. Ormandy explains in his bug report, the AVG Web TuneUp extension, which lists over nine million users on its Chrome Web Store page, was vulnerable to trivial XSS (cross-site scripting) attacks.
Attackers aware of this problem would have been able to access a user's cookies, browsing history, and various other details exposed via Chrome.
"This extension adds numerous JavaScript APIs to Chrome, apparently so that they can hijack search settings and the new tab page," explains Mr. Ormandy. "The installation process is quite complicated so that they [AVG] can bypass the Chrome [Store] malware checks, which specifically tries to stop abuse of the [Chrome] Extension API."
(Excerpt) Read more at news.softpedia.com ...
I dropped AVG a few years back, when they dropped in the rankings due to inability to identify and remove certain malware. They had been at the top of the rankings prior to that.
If you install AVG they can install the AVG toolbar which is not easy to uninstall. Superantispyware and malwarebytes would not remove it when I had earlier this year as I read they “overlook” some adware.
Use Adwcleaner to remove it.
https://toolslib.net/downloads/viewdownload/1-adwcleaner
PITA to find and reinstall all the add-ons/extensions that I wanted, not to mention a few other tweaks that changed eons ago, and forgot about.
Don’t use Chrome...memory hog. Any anti virus that installs tool bars are enemies of the people!
I’ve never used it but it seems to be quite popular so users might wish to have a look at this...
I thought you had to click the “allow” button for the toolbar to be installed?
I have always views AVG as a virus.
From the article:
"Version 4.2.5.169 of AVG Web TuneUp fixed this issue."
That can be downloaded here.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
AVG used to be my anti-virus of choice, but they jumped the shark a few years ago and became total crap, and nagware besides. Wouldn’t have it on one of my machines on a bet now.
When AVG first came out, it was excellent. Small, fast, and unobtrusive. Then it got bloated, slow, and in-your-face. I dropped it for AVast. . . and then later for just running Windows Security Essentials.
A lot of crapware is now set stop that their bringalongware installs by default unless you UNcheck it, plus they intentionally make it confusing so it looks like you’re accepting the thing you wanted. Scumware.
No man, chrome extensions are things that make the end of your tailpipes look cool.
I’ve noticed that, but I’ve been quite careful to look closely at all the options and open every tab to make certain I always Un-check anything I did not wish to be installed.
For those few that did not provide an option to uncheck something so as to not install it, well, that particular program did not get installed.
I never needed them. My tailpipes were ALL chrome, along with the engine casing, carb filter cover, forward foot controls, 6-in overstock front end, and dual stacked headlights.
Wheelrims, handlebars and mirrors as well, of course.
I run a 4” over girder, jockey shift, suicide clutch.
“AVG used to be my anti-virus of choice, but they jumped the shark a few years ago and became total crap, and nagware besides.”
yep.
Beware of anything that’s “free” in the Internet of Things.
Microsoft Security Essentials/Defender work just fine for the majority of home users.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.