AVG Chrome extension had a huge security hole, patched just in time

AVG just patched a huge security hole that they found in their Chrome add-on before it could become blown out of proportion and used nefariously.

Published
Updated
37 seconds read time

One of AVG's Chrome addons, Web TuneUP had a security hole that your could drive a tank into, something that could potentially let websites with malicious code in their CSS take control of your PC, though only in a trivial manner.

AVG Chrome extension had a huge security hole, patched just in time | TweakTown.com

The exploit was originally found by Google, who reported it to AVG to have fixed. The initial fix wasn't quite good enough, so they just pushed out a new fix that seems to solve the issue. That being said, it still seems to be vulnerable to XSS attacks, though that should be fixed soon as well.

One generally thinks that antivirus companies are a bit more scrupulous and careful when designing their applications, but this mistake, and a mostly glaring one, calls to question the type of quality control and examination goes on before things go live. But it's best to fly without any addons, because all addons can potentially be security risks. Browse safe!

Jeff grew up in the Pacific Northwest where he fell in love with gaming and building his own PC’s. He's a huge fan of any genre of gaming from RTS to FPS, but especially favors space-sims. Now he's stepped into the adult world by becoming a professional student looking to break into the IT Security world. When he’s not deep in his studies, he’s deep in a new game, revisiting an old game, or testing the extreme limits of his own PC. He's now a news contributor for TweakTown, looking to bring a unique view on technology and gaming.

Newsletter Subscription

Related Tags