Vulnerable Chrome extension exposes browsing history
Browsing histories and other data is being exposed on the internet by a Google Chrome extension that AVG AntiVirus inevitably installs on user's systems.
A vulnerability that was discovered is a “Trivial universal” XSS in the navigate API that can let websites execute scripts in any other territories. Therefore, a website can read emails from Google mail and simultaneously perform other actions due to the high-severity flaw. The API extension also exposes the browsing history of a user to the internet and can be used for Remote Code Execution.
Version 22.214.171.124 of AVG Web Tune UP fixed the security issues. Google has blocked AVG's skill of carrying out inline installations of this extension. The Chrome Web Store team is reviewing AVG for the possibility of Web Store policy violations.