AVG have a give and take relationship when it comes to their attitudes and approach with security and privacy, from their creation of glasses that could hide you from facial recognition software to going so far as to start selling your browsing activity to companies. AVG Chrome plugin has been found to bypass Chrome’s security features, something which Google are less than happy with.
The Web TuneUp tool is available for download from Chrome’s extension store, which sent the web addresses where they were compared against known malicious sites, in hopes that they could warn you before you land on one of those bad sites. The way the plugin was created though reportedly left the information open to exploits as reported by Google Security researcher Tavis Ormandy on December 15 in an issue report. In the report, he describes it by stating that it “exposes browsing history and other personal data to the internet”.
Ormandy was less than pleased about it, stating that he was unsure if he should contact AVG (an action that he did do) or if he should ask the extension abuse team to investigate it as a PuP (Potentially unwanted program, a term often used to describe pieces of software that could also be described as viruses or malware).
As of December, 28th AVG has completed a secure patch for the plugin while it has been reported by Ars Technica that the plugin was frozen while the plugin was investigated for policy violations.