It seems that if you have been using AVG’s Web TuneUp Chrome extension, there is a good chance that you could have been exposed. For those who don’t use or who are unfamiliar with the Web TuneUp extension, basically what it does is it basically flags search results that are questionable, thus preventing users from surfing onto potentially dangerous websites.However according to a post on Google Security Research, it seems that the extension was coded in such a way that could have potentially exposed personal data to hackers on the internet. “This extension adds numerous JavaScript API’s to chrome, apparently so that they can hijack search settings and the new tab page. The installation process is quite complicated so that they can bypass the chrome malware checks, which specifically tries to stop abuse of the extension API.”
“Anyway, many of the API’s are broken, the attached exploit steals cookies from avg.com. It also exposes browsing history and other personal data to the internet, I wouldn’t be surprised if it’s possible to turn this into arbitrary code execution,” reads the post on Google Security Research. However the good news is that AVG has since patched the extension within a few days of being notified by Google.
If you haven’t updated already, then perhaps you should. It is unclear how long this security hole was around before Google found it, but we suppose at the very least it has now been closed.