The common belief is that security products from big brands like Avast make browsers secure, even if free. This belief fades to some extent if the latest report from Google on security product is to be believed. Google, recently reported that security systems add new features to that users find useful however, in the process, these companies deploy certain unwanted extensions on the machine that tend change the search provider. All this, make user systems less secure when such products are installed.
Avast weakens SafeZone browser security
To confirm this, Google started to analyze browser extensions and and found the results quite surprising. The three custom Chromium-based browsers the search-giant analyzed were found to weaken security instead of improving it.
The first company to face the Google’s ire was Avast. The company’s SafeZone or Avastium browser, based on Chromium, allowed attackers to read any file on the system by getting users to click on links.
This is how Google official Tavis Ormandy summed it up in a tweet.
You don’t even have to know the name or path of the file, because you can also retrieve directory listings using this attack. Additionally, you can send arbitrary *authenticated* HTTP requests, and read the responses. This allows an attacker to read cookies, email, interact with online banking and so on.
Avast has since then, patched this vulnerability and released and update.
Well, Avast was not the alone member in the list in whose security systems vulnerability was exploited but a handful of them were also reprimanded by Google for weakening user security. If you can recall, just two days ago, Comodo, the Internet Security Provider that offers Free Antivirus, SSL Certificate and other Internet Security related products for free was warned publicly by Google.
Read the details at source.