Security News > 2017 > January > Cisco WebEx extension opens Chrome users to drive-by malware attacks (Help Net Security)

Windows users who have the widely used Cisco WebEx extension installed on Chrome are in danger of getting silently hacked when visiting a malicious website. The vulnerability, which can be exploited by attackers to effect malicious remote code execution (e.g. installing malware) on a target’s computer, was discovered by Google bug hunter Tavis Ormandy and responsibly disclosed to Cisco. “The extension works on any URL that contains the magic pattern ‘cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html’, which can be extracted … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/fOosLnIN3qY/
Related news
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- Cisco warns of Webex for BroadWorks flaw exposing credentials (source)
- Malicious Chrome extensions can spoof password managers in new attack (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)