Providing Free and Editor Tested Software Downloads

MajorGeeks.com - We put the Major in Geeks!

All In One Tweaks

Antivirus & Malware

Drives (SSD, HDD, USB)

Graphics & Photos

MajorGeeks Windows Tweaks

Office & Productivity

· How To and Tutorials
· Life Hacks and Reviews
· Way Off Base
· MajorGeeks Deals
· News
· Off Base
· Reviews

· YouTube
· Facebook
· Instagram
· Twitter
· Pintrest
· RSS/XML Feeds

· News Blur
· Yahoo
· Symbaloo

· Top Freeware Picks
· Malware Removal
· Geektionary
· Useful Links
· About Us

· Copyright
· Privacy
· Terms of Service
· How to Uninstall

1. GS Auto Clicker

2. Macrium Reflect FREE Edition

3. Smart Defrag

4. Visual C++ Redistributable Runtimes AIO Repack

5. Visual C++ Runtime Installer (All-In-One)

6. McAfee Removal Tool (MCPR)

9. Sergei Strelec's WinPE

10. K-Lite Mega Codec Pack

How to Disable 1-Click Ordering on Amazon (and Avoid Surprise Charges)

How to Fix Shallow Paint Layer Depth in Bambu Studio

Aviator Betting Game Secrets: Unlock 97% RTP & Triple Your Wins

Windows Recall: What It Is, Why Hackers Will Love It, and How to Stay Safe

Star Trek Fleet Command Promo Codes: Redeem Codes for Free Shards, Blueprints And Resources

How To Use VLC Media Player to Trim Video Clips

What Is the $WinREAgent Folder and Can I Delete It?

Swear Your Way to Better Search Results

How to Get a Dark Start Menu and Taskbar in Windows 10 & 11

Enable, Disable, Manage, Delete or Create a System Restore Point

AVG Flaw Puts 9 Million Users at Risk

Posted by: Timothy Weaver on 12/30/2015 10:47 AM [ Comments ]

Tavis Ormandy, a Google Project Zero researcher, discovered a vulnerability, since fixed, in AVG Web TuneUp. The flaw is a Chrome extension that forcibly installs when users install the AVG antivirus software.

The extension contains a serious flaw that exposes users' browsing history, cookies, and personal data to attackers and has nearly 9 million users.

Ormandy wrote: This extension adds numerous JavaScript API's to chrome, apparently so that they can hijack search settings and the new tab page. The installation process is quite complicated so that they can bypass the chrome malware checks, which specifically tries to stop abuse of the extension API.”

Ormandy wrote in a follow-up response: “I believe this issue is resolved now, but inline installations are disabled while the CWS team investigate possible policy violations.”

Avg has responded and wrote: "We thank the Google Security Research Team for making us aware of the vulnerability with the Web TuneUp optional Chrome extension. The vulnerability has been fixed; the fixed version has been published and automatically updated to users.”

Source: SCMagazine

Comments

comments powered by Disqus

© 2000-2025 MajorGeeks.com

Powered by Contentteller® Business Edition