Tuesday December 29, 2015

AVG Chrome Extension Created Security Risk For Millions

I might be wrong but isn't antivirus software supposed to keep you safe from the bad guys? If you've been running the AVG Chrome extension, you might want to read this.

When Google reported the existence of a gaping flaw that appeared trivially easy to exploit and exposed users’ browsing history and hindered Chrome’s malware-checking abilities, they hoped AVG would move quickly to patch it up. To their credit, they put together a fix and pushed it to the Chrome Web Store within four days of Google security engineer Tavis Ormandy’s initial report. They failed to take care of a potential man-in-the-middle vulnerability, though, and had to push a second update the next day after additional prompting from Ormandy.

Comments