You won’t find their Password Manager in the Chrome Web Store. That’s because it’s delivered during the installation of their Windows antivirus software or as a standalone app. If you had it hooked to your Google Chrome, your browser was unwittingly exposing 70 of its APIs to the Internet. Thankfully, it doesn’t appear as though the Trend vulnerability was being actively exploited and the original issue has been fixed.
The resolve, however, apparently doesn’t completely lock things down. According to one Chromium contributor, Trend’s fix — to implement header checks — is fairly easy to defeat with something like a Trojanized PDF.
Trend isn’t the only company Google has called out recently. Engineers just got finished resolving a similar issue with AVG over their Web TuneUp extension. Fortunately for Chrome users, Tavis Ormandy and his team are on top of the situation. It’d just be nice if security software vendors would stop creating busywork for them.