Security News > 2017 > January > Cisco WebEx extension opens Chrome users to drive-by malware attacks (Help Net Security)
2017-01-24 16:41
Windows users who have the widely used Cisco WebEx extension installed on Chrome are in danger of getting silently hacked when visiting a malicious website. The vulnerability, which can be exploited by attackers to effect malicious remote code execution (e.g. installing malware) on a target’s computer, was discovered by Google bug hunter Tavis Ormandy and responsibly disclosed to Cisco. “The extension works on any URL that contains the magic pattern ‘cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html’, which can be extracted … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/fOosLnIN3qY/
Related news
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks (source)
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
- Cisco fixes VPN DoS flaw discovered in password spray attacks (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- Exploited: Cisco, SharePoint, Chrome vulnerabilities (source)