Avast Secure Browser
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Avast Secure Browser.
By the Year
In 2026 there have been 0 vulnerabilities in Avast Secure Browser. Secure Browser did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 0.00 |
It may take a day or so for new Secure Browser vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Avast Secure Browser Security Vulnerabilities
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101
CVE-2019-17190
- January 27, 2020
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process cleans the ACL of the Update.ini file in %PROGRAMDATA%\Avast Software\Browser\Update\ and sets all privileges to group Everyone. Because any low-privileged user can create, delete, or modify the Update.ini file stored in this location, an attacker with low privileges can create a hard link named Update.ini in this folder, and make it point to a file writable by NT AUTHORITY\SYSTEM. Once AvastBrowserUpdate.exe is triggered by the update check functionality, the DACL is set to a misconfigured value on the crafted Update.ini and, consequently, to the target file that was previously not writable by the low-privileged attacker.
XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77
CVE-2019-18893
- January 13, 2020
XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges and can for example access cookies and browsing history, spy on the user while they are surfing the web, and alter their surfing experience in almost arbitrary ways.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Avast Secure Browser or by Avast? Click the Watch button to subscribe.
