SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   AVG Anti-Virus Vendors:   Grisoft
AVG Anti-Virus Flaws in 'Web TuneUp' Chrome Extension Lets Remote Users Obtain Potentially Sensitive Information on the Target System
SecurityTracker Alert ID:  1034547
SecurityTracker URL:  http://securitytracker.com/id/1034547
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 29 2015
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in AVG Anti-Virus. A remote user can obtain potentially sensitive information on the target system.

The software installs the 'Web TuneUp' extension on systems with the Chrome browser. The extension does not properly validate input. A remote user can create HTML that, when loaded by the target user, will disclose the target user's cookies, browser history, and other web browser details.

The Chrome extension id is 'chfdnecihphmhljaaejmgoiahnihplgn'.

The original advisory is available at:

https://code.google.com/p/google-security-research/issues/detail?id=675

Tavis Ormandy from Google Project Zero reported this vulnerability.

Impact:   A remote user can obtain the target user's cookies, browser history, and other web browser details.
Solution:   The vendor has issued a fix (Web TuneUp version 4.2.5.169).
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC