Very dangerous flaw discovered in WebEx plugin for Chrome

Posted on Tuesday, January 24 2017 @ 15:14 CET by Thomas De Maesschalck
If you have the Cisco Systems WebEx browser extension installed for Google's Chrome browser, you need to update it as soon as possible, as there's a high risk of a drive-by attack. Used by about 20 million users, the plug-in contains a serious security bug that lets any site run malicious code by hosting a file or resource that contains the string "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" in its URL.

This "magic" pattern is used by the WebEx service to remotely start a meeting on visiting computers that have the Chrome extension installed, but security researchers discovered that any website can invoke this command not just to begin a WebEx session but also to execute arbitrary code or commands.
Martijn Grooten, a security researcher for Virus Bulletin, told Ars:

If someone with malicious intentions (Tavis, as per Google's policy, disclosed this responsibly) had discovered this, it could have been a goldmine for exploit kits. Not only is 20 million users a large enough number to make it worthwhile in opportunistic attacks, I assume people running WebEx are more likely to be corporate users. Imagine combining this with ransomware!

More details and background info can be read at Ars Technica.
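Because the trigger described above is a fixed string in the URL, web proxy logs can be searched for it on hosts that are not WebEx. The following is an added example, not code from the article or from Cisco; the log format, the trusted-suffix list and the sample lines are assumptions, and it presumes the proxy records full URLs.

```python
from urllib.parse import unquote, urlsplit

# Magic pattern quoted in the article.
MAGIC = "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html"
# Assumption: suffixes your organisation treats as legitimate WebEx origins.
TRUSTED_SUFFIXES = ("webex.com",)


def is_trusted(host: str) -> bool:
    """Match on a label boundary so 'notwebex.com' is not trusted."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def carries_magic(url: str) -> bool:
    """Look for the pattern anywhere in the URL, undoing %-encoding first."""
    for _ in range(3):  # tolerate a few layers of percent-encoding
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return MAGIC in url.lower()


def suspicious_requests(log_lines):
    """Assumed format: '<timestamp> <client-ip> <method> <url>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip lines that do not fit the assumed format
        client, url = parts[1], parts[3]
        host = urlsplit(url).hostname or ""
        if carries_magic(url) and not is_trusted(host):
            hits.append((client, url))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2017-01-24T10:00:01Z 10.0.0.5 GET https://example.webex.com/meet/" + MAGIC,
    "2017-01-24T10:00:07Z 10.0.0.8 GET https://cdn.example.net/x/" + MAGIC + "?a=1",
    "2017-01-24T10:00:09Z 10.0.0.9 GET https://webex.com.example.net/a/" + MAGIC.replace("-", "%2D", 1),
    "2017-01-24T10:00:12Z 10.0.0.7 GET https://news.example.org/index.html",
    "malformed line",
]

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG))
```

The host check compares on a dot boundary, so a lookalike such as `webex.com.example.net` is still reported.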

