If you have the Cisco Systems WebEx browser extension installed for Google's Chrome browser, you need to update it as soon as possible, as there's a high risk of a drive-by attack. Used by about 20 million users, the plug-in contains a serious security bug that lets any site run malicious code by hosting a file or resource that contains the string "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" in its URL.
This "magic" pattern is used by the WebEx service to remotely start a meeting on visiting computers that have the Chrome extension installed, but security researchers discovered that any website can invoke this command, not just to begin a WebEx session but also to execute arbitrary code or commands.
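For defenders who want to check whether clients have already requested the pattern from unexpected sites, here is an added example (not part of the original article or of any Cisco tooling) that scans web-proxy log lines for it. The log layout, the sample lines and the trusted-domain list are assumptions; adjust them to your own proxy and environment.

```python
from urllib.parse import unquote, urlsplit

# Magic pattern quoted in the article.
MAGIC = "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html"

# Assumption: domains this organisation expects to host WebEx meetings.
TRUSTED_SUFFIXES = ("webex.com",)

def host_is_trusted(host, suffixes=TRUSTED_SUFFIXES):
    """True only if host is a trusted domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def find_suspect_requests(log_lines):
    """Return (client, host, url) for magic-pattern URLs on untrusted hosts."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        client, url = fields[1], fields[3]
        # Decode percent-escapes so logs that store escaped URLs still match.
        if MAGIC not in unquote(url).lower():
            continue
        host = urlsplit(url).hostname or ""
        if not host_is_trusted(host):
            hits.append((client, host, url))
    return hits

# Constructed sample log, layout: "<timestamp> <client-ip> <method> <url>"
SAMPLE_LOG = [
    f"2017-01-24T10:00:01Z 10.0.0.5 GET https://meet.webex.com/j/{MAGIC}",
    f"2017-01-24T10:00:07Z 10.0.0.7 GET https://news.example.net/ads/{MAGIC}?x=1",
    f"2017-01-24T10:01:12Z 10.0.0.9 GET https://webex.com.example.org/{MAGIC}",
    "2017-01-24T10:02:30Z 10.0.0.5 GET https://www.example.com/index.html",
    f"2017-01-24T10:03:44Z 10.0.0.8 GET https://cdn.example.net/{MAGIC.replace('-', '%2D', 1)}",
]

if __name__ == "__main__":
    for client, host, url in find_suspect_requests(SAMPLE_LOG):
        print(f"{client} requested the magic pattern from untrusted host {host}")
```

The host check compares whole domain labels, so a host that merely contains "webex.com" somewhere in its name is not treated as trusted.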
Martijn Grooten, a security researcher for Virus Bulletin, told Ars:
If someone with malicious intentions (Tavis, as per Google's policy, disclosed this responsibly) had discovered this, it could have been a goldmine for exploit kits. Not only is 20 million users a large enough number to make it worthwhile in opportunistic attacks, I assume people running WebEx are more likely to be corporate users. Imagine combining this with ransomware!
More details and background information can be found at Ars Technica.