Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>AVG's Chrome extension exposes personal data of 9 million users

AVG's Chrome extension exposes personal data of 9 million users


A security researcher from Google Security Research Team discovered a vulnerability in AVG Web TuneUp, a Chrome extension that forcibly installs when users install the AVG antivirus software. The extension, which has over 9 million active users, contains a serious flaw that exposes users’ browsing history, cookies, and personal data to attackers. This extension adds numerous JavaScript API’s to chrome, apparently so that they can hijack search settings and the new tab page. The installation process is quite complicated so that they can bypass the chrome malware checks, which specifically tries to stop abuse of the extension API.
 
AVG was informed about the vulnerability and has been fixed. The patch has been published and automatically updated to users.
 
Source:
 
SC Magazine
 
Google Security Research
 
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis