DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 14, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 190 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

Google mad about AVG's broken Chrome toolbar

Posted on Thursday, December 31 2015 @ 13:17:34 CET by


AVG logo
AVG is one of the most popular free anti-virus solutions but the firm messed up badly with AVG SafeSearch, a Chrome toolbar that's installed without user consent. The fact that the toolbar will capture consumer data to sell it to advertisers is annoying enough, but Google was quite furious upon finding out that the extension is so broken that it poses a big security risk for Chrome users.

Google Security researcher Tavis Orlandy filed a bug report on December 15 and send the following e-mail to AVG:
“I’m really not thrilled about this trash being installed for Chrome users. The extension is so badly broken that I’m not sure whether I should be reporting it to you as a vulnerability, or asking the extension abuse team to investigate if it’s a PuP [potentially unwanted program].

Nevertheless, my concern is that your security software is disabling web security for 9 million Chrome users, apparently so that you can hijack search settings and the new tab page.

There are multiple obvious attacks possible, for example, here is a trivial universal xss in the ‘navigate’ API that can allow any website to execute script in the context of any other domain.” (The relevant code samples can be viewed at the initial bug report.)
AVG released a broken patch on December 19, which got rejected by Google. At the moment, Google is evaluating a revised patch, and reviewing the extension to determine if AVG will be allowed to offer it at all. It's a quite sad incident, especially because AVG's free anti-virus solution is one of the best in the world.

Full details ExtremeTech.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba