The AVG Web TuneUp Chrome extension, forcibly added to Google Chrome browsers when users installed the AVG antivirus, had a serious flaw that allowed attackers to get the user's browsing history, cookies, and more.
The vulnerability was discovered by Google Project Zero researcher Tavis Ormandy, who has worked with AVG for the past two weeks to fix the issue. As he explains in his bug report, the AVG Web TuneUp extension, which lists over nine million users on its Chrome Web Store page, was vulnerable to trivial XSS attacks. Attackers aware of this problem would have been able to access a user's cookies and browsing history.
A common security bug affected the antivirus engines of three major vendors, AVG, McAfee, and Kaspersky, as enSilo security researchers have discovered. The problem was first detected back in March 2015, when one of enSilo's own products collided with an AVG antivirus on one of its clients' workstations.
After further investigation into the matter, enSilo's staff found that a security bug in the AVG antivirus was the cause of the software incompatibility. The bug stems from the fact that the AVG antivirus creates a memory space with full read-write-execute (RWX) privileges where it normally runs. This would allow attackers to bypass Windows' built-in security features.