Although Google has reported it with respect to Chrome, it likely affects other browsers.

It’s from AVG and it installs automatically without permission whenever the user installed the main AVG AV software. Since Chrome has similar tools, it isn’t even necessary.

AVG set their browser extension to bypass the normal vetting process by the Chrome Store. This allowed AVG to change the user’s home page when opening the browser and new tabs.

Apparently, it also did not encrypt data being sent on the extension’s “call home” and enabled hackers to easily intercept sensitive personal data as well as sites visited, and could enable the hackers to send malicious code to the user disguised as AVG legitimate content.

“The Google engineer contacted AVG with a demand that it fix the problem. AVG initially responded by tweaking the extension so that it would only send data to websites containing 'avg.com' in the address. However, as the Google Engineer pointed out, this would not work because hackers could simply create a site which included 'avg.com' as part of the full web address. AVG has now issued a patch for the problems. In spite of this, Google has put a freeze on anyone downloading the extension until it completes an investigation into whether AVG broke its guidelines. That investigation could mean the extension is permanently banned from Chrome.” – infopackets from Ars Technica

So…your AVG might not be such a bargain after all, and I’d suggest a different AV, especially if you like using Chrome…because, if AVG deliberately circumvented Google Store’s vetting, it may be forever excluded from Chrome…and who knows what else they’ve been up to just to sell data. Somehow, an AV company compromising a user’s security in such a manner would be a deal breaker for me, at least.

Source:

http://arstechnica.com/security/2015/12/google-slams-avg-for-exposing-chrome-user-data-with-security-plugin/

https://www.infopackets.com/news/9753/9-million-risk-browser-security-tool