AVG bug exposes 9 million users’ private data

Chris Scott Barr - Dec 30, 2015, 11:28am CST
AVG bug exposes 9 million users’ private data

When you install a piece of software that’s used for security, you expect just that. But what if your antivirus software actually ended up putting you at risk? That’s exactly what happened to users of AVG Antivirus, recently.

When you install AVG’s antivirus software, it also installs a Chrome extension by the name of AVG Web TuneUp. This extension is said to protect you online by giving you “more secure, private browsing.” Of course, along the way, it also hijacks your search settings and bypasses Chrome’s malware checks.

Having my search settings hijacked is enough to steer me away from virtually any software, regardless of what it does. However, a bug in this particular extension also exposed over 9 million users’ browsing history, cookies and personal data. So much for “secure, private browsing.”

Thankfully, the vulnerability was discovered by a Google Project Zero researcher, who passed the information along to AVG. The issue that allowed the information to be exposed has been fixed, but it still doesn’t excuse the fact that millions of people who used the extension for private browsing had their personal information exposed instead.

VIA: SCMagazine


Must Read Bits & Bytes