Site   Web

December 31, 2015

Extension Flaws Put Chrome Users at Risk

Google Stops AVG Program From Auto Installing After Discovery

Image courtesy of (Stuart Miles) / FreeDigitalPhotos.net

AVG Antivirus is in hot water with Google after a security flaw was discovered, a flaw that left millions open to possible risks.

AVGWeb TuneUp, a free anti-malware program, reportedly placed nine million Chrome users at risk because it altered users’ settings in the browser. Google’s security research discussion list included a recent conversation about the risk where a user noted the risk.

“This extension adds numerous JavaScript API’s to chrome, apparently so that they can hijack search settings and the new tab page. The installation process is quite complicated so that they can bypass the chrome malware checks, which specifically tries to stop abuse of the extension API,” explained the post.

Because of the risk, reported Digital Trends, the tool has been banned from automatic installs when AVG products are installed.

An AVG spokesperson sent a statement to Ars Technica stating the Web TuneUp Chrome extension is “offered as an option, not forcibly or automatically installed. Installation only begins once the customer has initiated the process and confirmed acceptance in Chrome—a double opt-in.”

The spokesperson added, “There is no auto-installation of Google Chrome extensions; the “inline” option allows third parties to offer installation from their own site or product, rather than requiring customers to visit the Chrome Store. We fixed the reported vulnerability just prior to the holidays and do not expect Google to confirm the availability of inline installation until early next year. In the meantime, anyone wishing to install the extension may easily do so from the Chrome Store.”


avatar

W. Brice McVicar is a staff writer for SiteProNews.

css.php