DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
November 18, 2018 
Main Menu
News archives

Who's Online
There are currently 135 people online.


Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller

Follow us

Very dangerous flaw discovered in WebEx plugin for Chrome

Posted on Tuesday, January 24 2017 @ 15:14:27 CET by

If you have the Cisco Systems WebEx browser extension installed for Google's Chrome browser you need to update this service as soon as possible as there's a high risk of a drive-by attack. Used by about 20 million users, the plug-in contains a serious security bug that lets any site run malicious code by hosting a file or resource that contains the string "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" in its URL.

This "magic" pattern is used by the WebEx service to remotely start a meeting on visiting computers that have the Chrome extension installed but security researchers discovered that any website can invoke this command not just to begin a WebEx session, but also to execute arbitrary code or commands.
Martijn Grooten, a security researcher for Virus Bulletin, told Ars:

If someone with malicious intentions (Tavis, as per Google's policy, disclosed this responsibly) had discovered this, it could have been a goldmine for exploit kits. Not only is 20 million users a large enough number to make it worthwhile in opportunistic attacks, I assume people running WebEx are more likely to be corporate users. Imagine combining this with ransomware!
WebEx security bug

More details and background info can be read at ARS Technica.



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba