AVG's Web TuneUp software is meant to protect internet users from malware lurking in the internet but recently, it has been found out that AVG Web TuneUp malware protection is not as safe as it should be. According to Google's security team, the malware protection software has been overriding built-in safety features in the Google Chrome web browser.
The flaw about the AVG online security software is that it forcefully installs a plugin to the Chrome browser. The users are not notified and not given an opt-out option as well. The plugin exposes the internet history of a user including other personal data like passwords, emails and other activities online. The code literally makes it easier for anyone who has the skills to peek through a specific person's personal life. Malicious websites can potentially use this coding disaster to access other websites visited by any targeted AVG Web TuneUp user.
After the public outburst of its flawed software, AVG claims to have addressed the issue immediately. Travis Ormandy discovered the flaw and flagged the error to his team Project Zero team to look for more errors. Ormandy was not very pleased with AVG's carelessness., "My concern is that your security software is disabling web security for nine million Chrome users, apparently so that you can hijack search settings and the new tab page."
Ormandy's criticism and exchange of words with the AVG team uncovered that AVG's initial move to address the security issue did not work but it was later resolved last December 29, 2015.
The AVG team apologized and thanked Google's Security team for pointing out their error. "We thank the Google Security Research Team for making us aware of the vulnerability with the Web TuneUp optional Chrome extension."
Although the issue has already been addressed and fixed, Ormandy notified AVG that Google will not allow another auto-installing plugin for new AVG Web TuneUp users.