Security News > 2017 > January > Cisco WebEx extension opens Chrome users to drive-by malware attacks (Help Net Security)
2017-01-24 16:41
Windows users who have the widely used Cisco WebEx extension installed on Chrome are in danger of getting silently hacked when visiting a malicious website. The vulnerability, which can be exploited by attackers to effect malicious remote code execution (e.g. installing malware) on a target’s computer, was discovered by Google bug hunter Tavis Ormandy and responsibly disclosed to Cisco. “The extension works on any URL that contains the magic pattern ‘cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html’, which can be extracted … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/fOosLnIN3qY/
Related news
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks (source)
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- Cisco warns of Webex for BroadWorks flaw exposing credentials (source)
- Malicious Chrome extensions can spoof password managers in new attack (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface (source)