Google ban AVG Chrome extension
Google have gone and banned AVG from automatically installing their Web TuneUp Chrome extension. Why? Well, it completely borked the online security of nine million people, thanks to weaknesses found in an audit.
Tavis Ormandy, a researcher at Google, had been giving the antivirus software the once-over and found that it was filled with vulnerabilities, which is exactly the opposite of what you want out of something that's supposed to make your devices safer.
The Web TuneUp is installed with AVG's antivirus package, and basically tries to stop you Chrome users from going on sites that host malware. At the time of writing, over 9 million people were using it.
Ormandy said that the extension leaked "browsing history and other personal data to the internet," and that means that nasty websites could exploit the frailties to get into other sites a user is logged into. This is great news for hackers, and terrible news for everyone else.
"Apologies for my harsh tone, but I'm really not thrilled about this trash being installed for Chrome users," Ormandy told AVG in his report. "The extension is so badly broken that I'm not sure whether I should be reporting it to you as a vulnerability, or asking the extension abuse team to investigate if it's a PuP [potentially unwanted program aka malware]."
Last week, AVG updated the programme. However, Google are still not allowing AVG to install the extension automatically. Looks like they need to get Google's trust back up. If you want it, you'll have to download it manually from the Chrome store.
"We thank the Google Security Research Team for making us aware of the vulnerability with the Web TuneUp optional Chrome extension. The vulnerability has been fixed; the fixed version has been published and automatically updated to users," an AVG spokesperson told El Reg.