An Interest In:
Web News this Week
- April 20, 2024
- April 19, 2024
- April 18, 2024
- April 17, 2024
- April 16, 2024
- April 15, 2024
- April 14, 2024
Some of Our Sources
- Engadget
- Simplebits
- Smashing Apps
- Six Revisions
- Fudge Graphics
- 24 Ways
- Specky Boy
- CSS Tricks
- Web Resource Source
- The Verge
Help Webnuz
Referal links:
December 30, 2015 12:00 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/m1s-YqONaXg/avg-forces-chrome-extension-on-users-extension-is-woefully-insecure
AVG Forces Chrome Extension On Users, Extension Is Woefully Insecure
An anonymous reader writes: The AVG Web TuneUp Chrome extension, forcibly added to Google Chrome browsers when users were installing the AVG antivirus, had a serious flaw that allowed attackers to get the user's browsing history, cookies, and more. "This extension adds numerous JavaScript APIs to Chrome, apparently so that they can hijack search settings and the new tab page," explains Mr. Ormandy. "The installation process is quite complicated so that they [AVG] can bypass the Chrome [Store] malware checks, which specifically tries to stop abuse of the [Chrome] Extension API." Simple XSS and MitM attacks exposes data from other tabs opened in the browser, browsing history, and even manages to render SSL useless.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/m1s-YqONaXg/avg-forces-chrome-extension-on-users-extension-is-woefully-insecure
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot