Security News > 2017 > January > Cisco WebEx extension opens Chrome users to drive-by malware attacks (Help Net Security)
2017-01-24 16:41
Windows users who have the widely used Cisco WebEx extension installed on Chrome are in danger of getting silently hacked when visiting a malicious website. The vulnerability, which can be exploited by attackers to effect malicious remote code execution (e.g. installing malware) on a target’s computer, was discovered by Google bug hunter Tavis Ormandy and responsibly disclosed to Cisco. “The extension works on any URL that contains the magic pattern ‘cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html’, which can be extracted … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/fOosLnIN3qY/
Related news
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Balancing usability and security in the fight against identity-based attacks (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Supply chain attack hits Chrome extensions, could expose millions (source)
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)