A few weeks ago, Google staffer and security researcher Tavis Ormandy disclosed a vulnerability in a Chrome extension from AVG that put users' PCs at risk. Ormandy has since discovered a flaw in another security-minded application, this time from Trend Micro.

When users install Trend Micro's antivirus software, another program called Password Manager is also automatically installed and set to launch at startup. Ormandy found that the app is primarily written in JavaScript with Node.js.

Long story short, he determined that the app used an "ancient" build of Chromium that left users open to attack and also exposed stored passwords to the Internet. Fortunately, Ormandy reached out to Trend Micro to inform the company of the flaw and help get a fix issued. In total, the process from start to finish took about a week.

The security researcher also recommended that Trend Micro hire a professional security consultant to handle audit work. Trend Micro issued a statement earlier this week saying it responded quickly to the initial report and worked with Ormandy to understand the issue and address it.

The company released a mandatory update through its ActiveUpdate system on January 11 that fixes the issue and thanked the security researcher for his help.
