What is Avast Safe Zone Browser?
Avast Safe Zone Browser is a browser developed for the Chromium environment by the anti-virus company behind Avast anti-virus. This browser’s pet name is Avastium and it claims to offer increased security and protection. Yet these claims were proven otherwise when a researcher from Google Project Zero called Tavis Ormandy pointed to a critical loophole that could be used for hackers to gain access to the user’s PC.
Avast have already rectified this issue and they say that it is no longer a threat, but some people may still be interested in removing this program, as it may have other hidden vulnerabilities. However let’s see what is was all about…
The vulnerability explained
Avast opens a Web accessible RPC service on the local computer that can listen on port 27275. This can easily be exploited by a malicious website that is opened in another browser by forcing the browser to send commands to http://localhost:27275/comman.
Of course, most of the commands that can be executed in this way are not dangerous, but there is one which is named SWITCH_TO_SAFEZONE that is of particular interest. It can open an URL in Avastium (Avast Safe Zone Browser), but what is actually worrying is that it would not only open typical website URLs such as http:// or https://, but also local and internal URL’s like file:/// or chrome://.
This flaw is present because Avast had removed a critical security check that will prevent non-Web-related URL schemes from being opened from the command line. Because this protection was not present in Avastium it made it possible for an attacker to build a payload that would enable them to read local files.
Avast have already released a fix for this problem. You just need to install the Avast version 2016.11.1.2253 update. However if you have the Avast Safe Zone Browser and no longer wish to use it then you can uninstall it to get rid of any other possible flaw that may be hiding in there. It is a very simple process and can be done in just a few steps.
How to uninstall Avast Safe Zone Browser
- First open your Control Panel, click on Programs then Programs and Program features. Once you have done this chose Avast internet security, there may also be Avast AV, depending on the product installed on your PC.
- Once you have done this the ‘which components do you want to install screen should appear. Uncheck the Avast Safe Zone Browser and click change. Wait for the changes to take place and when prompted restart your computer. The uninstall process should be complete and Safe Zone Browser removed from your system.
Please note that if you decide to install Avast anytime in the future and want to avoid having to uninstall the browser component again, it is worth clicking on the boxes to uncheck the potentially unnecessary components such as: Avast Password, Clean up and Secureline VPN. Most importantly do not forget to uncheck the Avast Safe Zone Browser component; you do not want to have to go through the whole process to manually remove it again.
It is worth pointing out once again that Avast no longer has this flaw after version 2016.11.1.2253., but if you have an older version you should either immediately update or uninstall the entire feature.