
SoylentNews is people

posted by Fnord666 on Thursday January 26 2017, @05:41PM
from the patch-it-now dept.

Submitted via IRC for TheMightyBuzzard

The Chrome browser extension for Cisco Systems WebEx communications and collaboration service was just updated to fix a vulnerability that leaves all 20 million users susceptible to drive-by attacks that can be carried out by just about any website they visit.

A combination of factors makes the vulnerabilities among the most severe in recent memory. First, WebEx is largely used in enterprise environments, which typically have the most to lose. Second, once a vulnerable user visits a site, it's trivial for anyone with control of it to execute malicious code with little sign anything is amiss. The vulnerability and the resulting patch were disclosed in a blog post published Monday by Tavis Ormandy, a researcher with Google's Project Zero security disclosure service.

Martijn Grooten, a security researcher for Virus Bulletin, told Ars:

If someone with malicious intentions (Tavis, as per Google's policy, disclosed this responsibly) had discovered this, it could have been a goldmine for exploit kits. Not only is 20 million users a large enough number to make it worthwhile in opportunistic attacks, I assume people running WebEx are more likely to be corporate users. Imagine combining this with ransomware!

Source: http://arstechnica.com/security/2017/01/ciscos-webex-chrome-plugin-opens-20-million-users-to-drive-by-attacks/

  • (Score: 2) by EvilSS (1456) on Friday January 27 2017, @03:59PM (#459517)
    Yea the problem with these is it's not like it's something you would go out and install if you didn't need it for work. Most people with IT jobs are tied to having WebEx and/or GoToMeeting plugins because you know you are going to use it and as soon as you remove it you will need it again before too long. At least with GTM you have the option of using the PC app to join a meeting directly so you can bypass the plugin. If WebEx supports that I haven't managed to find it yet.