Severe vulnerability in Cisco’s WebEx extension for Chrome leaves PCs open to easy attack - gomezaffeas
Anyone who uses the popular Cisco WebEx annex for Chrome should update to the latest edition pronto. Google protection researcher Tavis Ormandy of late discovered a serious vulnerability in the Chromium-plate extension that leaves PCs wide open to snipe.
In older versions of the extension (earlier version 1.0.3) malicious actors could tally a "magic drawing string" to a World Wide Web address or file hosted on a website. The magic bowed stringed instrument was designed to remotely activate the WebEx web browser extension. Once the extension was activated the bad guys could do despiteful code connected the prey political machine.
Ian Apostle Paul The impact on you at home: It's a good idea for anyone World Health Organization uses this extension to make sure it's updated to the current version given the severity of the exposure. To start eccentric chromium-plate://extensions into the Chrome address bar and hit Enter. Next, scroll down until you see the introduction for the Cisco WebEx Filename extension—extensions are organized alphabetically. To the satisfactory of the extension name you should hopefully see version 1.0.5, atomic number 3 pictured above.
Protect yourself
If you don't, you can practice one of three things.
The starting time is to uninstall the extension by clicking the scraps can icon, and then reinstall it from the Chromium-plate Web Store. The second method acting is to check the Developer mode package in the top right corner of the chrome://extensions page. That bequeath reveal a clit in the top right corner calledUpdate extensions now. Click that, and you should constitute all set.
It's non clear if version 1.0.5 offers any significant auspices against the menace Ormandy describes. Apparently, totally version 1.0.3 did was offer a pop-up anytime that magic encode was old, according to Cloudfare security researcher Filippo Valsorda. That puts the onus on the user to make sure they really need to be using WebEx when that dad-up appears.
IDG That brings US to the finale root. If you'd rather not bother with the extension it's also latent to use a working, downloadable desktop program for each one time you want to use WebEx. That whitethorn not be convenient, but it's an alternative.
Ormandy's discovery up decent eyebrows that Mozilla blocked WebEx for Firefox. At this writing, reading 1.0.3 of the extension (discharged connected Tuesday, January 24) was in the Firefox add-ons catalogue; yet, arsenic Mozilla has up to now to review the updated extension it can't cost installed on the mainstream interlingual rendition of Firefox 43 and up.
Source: https://www.pcworld.com/article/411794/severe-vulnerability-in-ciscos-webex-extension-for-chrome-leaves-pcs-open-to-easy-attack.html
Posted by: gomezaffeas.blogspot.com
0 Response to "Severe vulnerability in Cisco’s WebEx extension for Chrome leaves PCs open to easy attack - gomezaffeas"
Post a Comment