Stories
Slash Boxes
Comments

SoylentNews is people

Widely Used WebEx Plugin for Chrome is Easily Exploitable

posted by Fnord666 on Thursday January 26 2017, @05:41PM   Printer-friendly
from the patch-it-now dept.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

The Chrome browser extension for Cisco Systems WebEx communications and collaboration service was just updated to fix a vulnerability that leaves all 20 million users susceptible to drive-by attacks that can be carried out by just about any website they visit.

A combination of factors makes the vulnerabilities among the most severe in recent memory. First, WebEx is largely used in enterprise environments, which typically have the most to lose. Second, once a vulnerable user visits a site, it's trivial for anyone with control of it to execute malicious code with little sign anything is amiss. The vulnerability and the resulting patch were disclosed in a blog post published Monday by Tavis Ormandy, a researcher with Google's Project Zero security disclosure service.

Martijn Grooten, a security researcher for Virus Bulletin, told Ars:

If someone with malicious intentions (Tavis, as per Google's policy, disclosed this responsibly) had discovered this, it could have been a goldmine for exploit kits. Not only is 20 million users a large enough number to make it worthwhile in opportunistic attacks, I assume people running WebEx are more likely to be corporate users. Imagine combining this with ransomware!

Source: http://arstechnica.com/security/2017/01/ciscos-webex-chrome-plugin-opens-20-million-users-to-drive-by-attacks/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Widely Used WebEx Plugin for Chrome is Easily Exploitable | Log In/Create an Account | Top | 20 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Thursday January 26 2017, @07:06PM

    by Anonymous Coward on Thursday January 26 2017, @07:06PM (#459061)

    Sure everyone seems to love Chrome but it happens to be the only browser that has managed to destabilize my linux distro. I'm sure its due to hardware support as I've got a newer laptop, but the very fact that the browser can crash the OS is kinda nuts.

  • (Score: 2) by DannyB on Thursday January 26 2017, @07:46PM

    by DannyB (5839) Subscriber Badge on Thursday January 26 2017, @07:46PM (#459083) Journal

    I haven't had any problems with Chrome on Mint, but then I don't use WebEx at home.

    --
    The lower I set my standards the more accomplishments I have.

  • (Score: 3, Insightful) by Anonymous Coward on Thursday January 26 2017, @08:51PM

    by Anonymous Coward on Thursday January 26 2017, @08:51PM (#459127)

    Considering how many people cream themselves over Chrome, it astonishes me how bad it is. It routinely freezes even without any additional plugins added and spies on people.

    It's a clear indication of how incompetent the people at Mozilla are that they're losing to that crapware product.

  • (Score: 2) by dyingtolive on Friday January 27 2017, @04:09PM

    by dyingtolive (952) on Friday January 27 2017, @04:09PM (#459523)

    It's 2017, bro. In the eyes of the majority, your browser IS your OS unless you're on a device with a fraction of the storage capacity, cpu, and bandwidth, then in that case, download and run my app!

    --
    Don't blame me, I voted for moose wang!

  • (Score: 1) by toddestan on Tuesday January 31 2017, @03:16AM

    by toddestan (4982) on Tuesday January 31 2017, @03:16AM (#460996)

    Most likely it's something to do with the hardware video acceleration.

    With that said, I don't use Chrome either as I prefer my browser to not spy on me.