Bin Avast..
...it's no better than the malware than it pretends to protect you from
Avast has disabled a component in its Windows anti-malware suite that posed, ironically enough, a significant security risk. The software maker switched off the JavaScript interpreter in its toolkit after Google Project Zero's Tavis Ormandy, and his colleagues, alerted the developer to design flaws in the code. According to …
Actually Pascal it's more probably the entire discipline of software development populated by folks suffering from the Dunning Kruger effect. They just aren't aware they don't know what they're doing. Even the NCSC (the UK official cyber security agency) recently made its entire web site a JavaScript app. You can't even see the front page (and thus even the contact details to register an objection) unless JS is enabled.
The drive to make very web page look like a native application (and, ironically, increasingly every app to look like a web page) hasn't helped either.
When I started developing for the web (early '90s), we kept three principles in mind:
[1] do all critical processing server side where you can protect it from misuse
[2] make all significant content client agnostic so everyone can read it regardless of the tools they're using - the text of any web page should be readable in Lynx.
[3] allow presentation to degrade gracefully for less competent clients
All three principles have long been abandoned, resulting in both massive opportunities for malicious actors and exclusion from web resources of anyone who doesn't subscribe to the IT churn (e.g. 70-odd versions of Firefox in 10 years with increasing backward incompatibility and the "deprecation" of PHP functions, breaking existing code).
The growing mis-application of JavaScript is merely symptomatic of the Dunning Kruger effect. It's probably the only "language" most of them can code in, so they assume it's ideal for everything.