The malicious activities connected with the Avast and AVG browser extensions has resulted the removal from Firefox Add-on store until the concerned companies are able to resolve the issue.
According to security researcher, Wladimir Palant, the extensions send a large amount of personal data about the browsing habits of users, which are far beyond what's supposed to be necessary for the extensions to function.
While the extensions were designed to warn the users on visit to malicious or phishing websites; with Avast and AVG, including subsidiary programs like Avast SafePrice, and AVG SafePrice, whereby the SafePrice extensions are to help online shoppers to know best offers, through price comparisons, and discount coupons available from various websites.
The stealthy nature of the software is such that downloading & installing any one of these extensions on your web browser, will automatically install the respective subsidiary add-on on the user's browser.
Personal Data Collected by the Add-ons
- Browsing history
- Unique User Identifier (UID) for tracking
- Browser version and number
- Operating system and version number
- Location data
How the Software Uses the collected Data
The tracking and window identifiers allow Avast to create a precise reconstruction of users' browsing activities. And also, the number of tabs opened by the user, the visited websites and time spent on the site, along with what was clicked and when you switched to a different tab.
It is pertinent to note that all are connected to a number of attributes, which allows Avast to recognize you accurately and reliably, even the UID.
The issue also affects Google Chrome, albeit Mozilla was quick to take action by temporarily removing the add-ons from Firefox extensions store, but Google is yet to remove the extensions from the Chrome Web Store.