Mozilla has recently removed four browser extensions from its add-ons listing for the Firefox browser. Mozilla removed these AVG and Avast browser extensions following claims of users being spied on.
Mozilla Removed Avast, AVG Browser Extensions
The software developer and the creator of the Adblock Plus extension, Wladimir Palant, discovered how some Avast and AVG add-ons snooped on users’ activities. He shared a detailed post about such behavior exhibited by two of these add-ons.
Palant found two additional extensions exhibiting similar behavior. As revealed in his recent blog post,
They upload detailed browsing profiles of their users to uib.ff.avast.com. The amount of data collected here exceeds by far what would be considered necessary or appropriate even for the security extensions.
This behavior clearly violated the privacy policies of Mozilla and Google. Therefore, the researcher brought the matter to the respective firms’ attention.
Specifically, these four guilty add-ons include Avast Online Security, Avast SafePrice, AVG Online Security, and AVG SafePrice extensions.
Following Palant’s report, Mozilla removed these browser extensions from their add-on listings. Nonetheless, they haven’t blacklisted the add-ons as they continue to negotiate with Avast over this matter.
What About Other Browsers?
While Mozilla disabled the add-ons, Google continues to host these extensions on the Play Store. As the researcher believes,
Google Chrome is where the overwhelming majority of these users are. The only official way to report an extension here is the “report abuse” link. I used that one of course, but previous experience shows that it never has any effect. Extensions have only ever been removed from the Chrome Web Store after considerable news coverage.
Palant also reported the matter to Opera, whom acknowledged his report. As stated in their email to him,
Thanks for reporting it to us. We unpublished these extensions from our store.
Let us know your thoughts in the comments.
Latest posts by Abeerah Hashim (see all)
- Researcher Hacked Tesla Model X Demonstrating Keyless Entry System Vulnerability - November 25, 2020
- GitHub Patched A Vulnerability Months After Google’s Report - November 25, 2020
- Bug in Twitter Fleets Where Posts Remain Visible - November 24, 2020