Millions of Chrome users’ data at stake due to AVG Web TuneUp free tool

AVG Web TuneUp is a free tool to protect PCs from malware and web trackers. Unfortunately, the tool that was meant to ward off malware itself contained a flaw that put the data of millions of Chrome users at stake.

As reported recently by BBC News, Google’s security team spotted that AVG Web TuneUp was overriding the safety features built into the Chrome browser. This issue was brought to notice by Google’s Tavis Ormandy to other members of his Project Zero team on December 15th.

AVG Web TuneUp

What did AVG Web TuneUp do?

As per his observation, when a user installs AVG AntiVirus, AVG Web TuneUp is ‘forced’ installed. He also mentioned that around 9 million active Chrome users had this AVG Web TuneUp installed on their browsers.

Ormandy further mentions in his message,

“This extension adds numerous JavaScript API’s to chrome, apparently so that they can hijack search settings and the new tab page. The installation process is quite complicated, so that they can bypass the chrome malware checks, which specifically tries to stop abuse of the extension API. Anyway, many of the API’s are broken, the attached exploit steals cookies from avg.com. It also exposes browsing history and other personal data on the internet, I wouldn’t be surprised if it’s possible to turn this into arbitrary code execution.”

On contacting the Amsterdam-based cybersecurity firm, he mentioned about the problems created by AVG Web TuneUp.

“Apologies for my harsh tone, but I’m really not thrilled about this trash being installed for Chrome users. My concern is that your security software is disabling web security for nine million Chrome users, apparently so that you can hijack search settings and the new tab page. I hope the severity of this issue is clear to you, fixing it should be your highest priority.”

It was revealed that AVG did try to resolve the issue related to AVG Web TuneUp. However, the attempt did not work.

What is the current status of AVG Web TuneUp

AVG confirmed the fact in a statement that the flaw related AVG Web TuneUp has been addressed. And now the vulnerability has been fixed. AVG further mentioned that the fixed version has been published and automatically updated for users.

However, an independent security expert said that although the flaw related to AVG Web TuneUp is now fixed, it shows that almost any software installed on a computer can introduce security vulnerabilities, even if that software is intended to improve security. This should certainly be taken as a warning by all, says BBC.

See this post if you want to completely uninstall AVG Web TuneUp from Windows PC.

Those of you who want to stay safe, may want to take a look at some of the recommended free antivirus software for Windows PC.

Posted by with Tags
Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.

9 Comments

  1. I discovered that I had AVG Web Tuneup installed on my PC. I tried to uninstall it in the usual way via Control Panel, but I cannot remove it. I can highlight it, click on ‘Uninstall’ but nothing happens. Any advice please?

  2. Dan

    Just a suggestion, hope it works…in Windows Explorer, look for the following file…C:Program FilesAVG Web TuneUpUNINSTALL.exe/PROMPT/Uninstall…and try to run uninstall from there.

  3. Thanks for the tip Dan. The folder AVG Web TuneUp is there all right, in Program Files, but no uninstall.exe in any of the various sub-folders. There’s a folder of images named IMAGES/uninstaller, that’s all.

  4. Dan

    Drat! I’d say if that file then isn’t just a leftover an uninstaller missed (and which could be deleted), at a web page captioned “Uninstall AVG software”, AVG Support describes how to download and use its own uninstaller for removing any kind of AVG software on various Windows OS including 10; I also recall MS at https://support.microsoft.com/en-us/mats/program_install_and_uninstall had a utility which could (sometimes) find and remove poor app uninstalls; if neither of these tools work for you, I myself am out of ideas, and could only then suggest contacting AVG support. Good luck, cheers!

  5. MmeMoxie

    Get Revo Uninstaller Free and I bet, it will remove this nasty program or look at the AVG website, to see if, there is an uninstaller there to use. Dan has been giving you excellent information, but, there are those stubborn programs where you just might need Revo Uninstaller Free. It works, I have used it for years, the Free version. 🙂

  6. I looked at the AVG website first, but it was of no help at all, so I did as you suggested, downloaded and ran “Revo Uninstaller Free”, and it worked! It found 430 files and registry items associated with Web TuneUp. No wonder my PC was getting slow.
    Thanks heaps for your advice.

  7. MmeMoxie

    You are more than welcome. I can’t tell you how many times Revo Uninstaller Free has saved my computer for being “held hostage” and saving it. As you get more comfortable using Revo, learn to use the Advance setting. It will clean the crooks and crannies.

  8. Thank you Anand – it’s a very good tutorial which I have read and bookmarked for future reference. As you recommend, I have checked the addons in Internet Explorer and the only one enabled is Shockwave Flash Object. The rest are disabled, possibly because I occasionally run msconfig, click on Startup and uncheck the boxes for all those items I do not want loaded at startup (in the hope that it will speed up my Asus laptop). I will be changing to Firefox in future because my version of IE won’t be supported by various websites in future, and it can’t be updated because I am running Windows Vista.
    Firefox has just one addon enabled – “DownThemAll”.

Leave a Reply

Your email address will not be published. Required fields are marked *