However according to a post on Google Security Research, it seems that the extension was coded in such a way that could have potentially exposed personal data to hackers on the internet. “This extension adds numerous JavaScript API’s to chrome, apparently so that they can hijack search settings and the new tab page. The installation process is quite complicated so that they can bypass the chrome malware checks, which specifically tries to stop abuse of the extension API.”
“Anyway, many of the API’s are broken, the attached exploit steals cookies from avg.com. It also exposes browsing history and other personal data to the internet, I wouldn’t be surprised if it’s possible to turn this into arbitrary code execution,” reads the post on Google Security Research. However the good news is that AVG has since patched the extension within a few days of being notified by Google.
If you haven’t updated already, then perhaps you should. It is unclear how long this security hole was around before Google found it, but we suppose at the very least it has now been closed.