AVG force-installed vulnerable 'broken' Chrome extension


Google Security Research has criticized AVG for "force installing" AVG Web Tuneup, a Chrome extension which could be exploited to reveal "browsing history and other data to the internet".


And it only gets worse, the report claims.

This extension adds numerous JavaScript API’s to chrome, apparently so that they can hijack search settings and the new tab page.

The installation process is quite complicated so that they can bypass the chrome malware checks, which specifically tries to stop abuse of the extension API.

The Google researcher’s verdict was damning: "I’m really not thrilled about this trash being installed for Chrome users… your security software is disabling web security for 9 million Chrome users, apparently so that you can hijack search settings and the new tab page".

Fortunately AVG has since come up with a fix, and although Google seems unenthusiastic ("I think this is the best we’re likely to get") the company has declared that "this issue is resolved now".

Even better, there’s no more "force installing". You can decline the toolbar when offered it by the AVG Antivirus installer, and even if you don’t, Google has disabled its inline installation so you’ll be prompted to accept it (or not) when Chrome next restarts.

AVG AntiVirus Free 2016 is available (and now a little safer) for Windows XP and later.

14 Responses to AVG force-installed vulnerable 'broken' Chrome extension

© 1998-2022 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.