Avast reprimanded by Google for weakening browser security

The common belief is that security products from big brands like Avast make browsers secure, even if free. This belief fades to some extent if the latest report from Google on security product is to be believed. Google, recently reported that security systems add new features to that users find useful however, in the process, these companies deploy certain unwanted extensions on the machine that tend change the search provider. All this, make user systems less secure when such products are installed.


Avast weakens SafeZone browser security

To confirm this, Google started to analyze browser extensions and and found the results quite surprising. The three custom Chromium-based browsers the search-giant analyzed were found to weaken security instead of improving it.

The first company to face the Google’s ire was Avast. The company’s SafeZone or Avastium browser, based on Chromium, allowed attackers to read any file on the system by getting users to click on links.

This is how Google official Tavis Ormandy summed it up in a tweet.

You don’t even have to know the name or path of the file, because you can also retrieve directory listings using this attack. Additionally, you can send arbitrary *authenticated* HTTP requests, and read the responses. This allows an attacker to read cookies, email, interact with online banking and so on.

Avast has since then, patched this vulnerability and released and update.

Well, Avast was not the alone member in the list in whose security systems vulnerability was exploited but a handful of them were also reprimanded by Google for weakening user security. If you can recall, just two days ago, Comodo, the Internet Security Provider that offers Free Antivirus, SSL Certificate and other Internet Security related products for free was warned publicly by Google.

Read the details at source.

Posted by with Tags
The author Hemant Saxena is a post-graduate in technology and has an immense interest in following Microsoft and other technology developments around the world. Quiet by nature, he is an avid Lacrosse player.


  1. Dan

    Just because extensions like Noscript or Script Defender can safely do some things certainly doesn’t mean all extensions are safe, especially for security; the only security extension I’ve ever liked for its limited purpose is Team Cymru’s MHR extension for FF…it works only in the browser’s download directory and lets you check any download for malware, no known extension leaks. I use it in Linux FF browsers as an additional way to spot junk that could be transferred to Windows, there being slim Linux AV at the moment. Also, watch VPN extensions…many just have the changed IP “sitting at the end” but use your ISP’s or whatever your regular DNS resolvers are instead of their own, creating a DNS leak despite changed IP, and most VPN extensions don’t block WebRTC so your real IP is reported to sites as well as the changed IP. Thanks for reminding of browser security, cheers!

  2. Gaggle

    So Google, who made you the ‘king’ of security? As the front-runner in revoking user privacy, you have some nerve attacking another company; there is a better way to handle yourself in this situation. This is exactly why I don’t use your clunky, sub-standard products.

  3. Laura Krohn

    google doesn’t like it because it over rides their spying platform and avast keeps you safe from hackers , spys and government spys and you can choose for your bowsing history not to be shown i have been using avast for a good 9 years 10 years or more and it works great and i’ve never had any issue i love their browser becuase it runs smoother and it keeps all teh nasty people out of your browsing history and from being tracked .

Leave a Reply

Your email address will not be published. Required fields are marked *

5 + 2 =