Irony Report: AVG Had Sketchy Chrome Extension


You may be familiar with AVG Antivirus, a free antivirus program that's been around in some form or another since 1998. A powerful early competitor to the emerging antivirus industry, AVG evolved with the times fairly well and can now be found for free on the web, with more powerful pro versions available, and on mobile devices. AVG even began packaging a Chrome extension that was meant to give users a bit of extra peace of mind on the web by detecting and stopping attacks before they reached a user's computer. This addon came at a small price, allowing AVG control of a user's startup page and search bar, most likely for ad purposes or to allow fixes after malicious hijacking of the same.

Thing is, this little bit of control handed over to AVG had an enormous hole. For starters, it installed itself and took control by literally circumventing Chrome's built-in security. On top of that, because the extension didn't check who code was coming from, any attacker could utilize that hole to inject code into a webpage and execute it on the machine. AVG's assumption that they were the only ones who would know about this proverbial open window wound up drawing the ire of a wide range of users. The exploit could possibly have even led to remote code execution and total control by the attacker. A few users on Google Code banded together to explore the security hole and make sure AVG got around to fixing it.


After one unsuccessful patch attempt, AVG did manage to get it fixed in a hacky sort of way by implementing a security checkpoint of sorts, but the extension effectively breaks some web content in doing so. Sadly, this is far from the first or last time that antivirus makers will make mistakes in their software, fail to keep up with hackers or just plain leave security holes wide open. AVG still comes with the extension, but it should no longer be a security risk. This issue should not affect users of most other browsers at all, but best practice is to always keep your guard up on the web and never place full trust in any software, even that which your device ships with.

Share this page

Copyright ©2015 Android Headlines. All Rights Reserved.

This post may contain affiliate links. See our privacy policy for more information.
Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, Voice assistants, AI technology development news in the Android world. Contact him at [email protected]

View Comments