Security News > 2017 > January > Cisco WebEx extension opens Chrome users to drive-by malware attacks (Help Net Security)
2017-01-24 16:41
Windows users who have the widely used Cisco WebEx extension installed on Chrome are in danger of getting silently hacked when visiting a malicious website. The vulnerability, which can be exploited by attackers to effect malicious remote code execution (e.g. installing malware) on a target’s computer, was discovered by Google bug hunter Tavis Ormandy and responsibly disclosed to Cisco. “The extension works on any URL that contains the magic pattern ‘cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html’, which can be extracted … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/fOosLnIN3qY/
Related news
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them (source)