If you participate in corporate web meetings, there's a good chance you have Cisco's WebEx Chrome extension. If so, you'll want to check that it's patched to version 1.03, because it has a scary hole that leaves machines open to drive-by attacks. In other words, "any website could just install malware on your machine silently," security expert Filippo Valsorda tweeted.
The problem was discovered by prolific Google researcher Tavis Ormandy, who said on Twitter that "there was a secret URL in WebEx that allowed any website to run arbitrary code." WebEx uses a coded link (cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html) to remotely start meetings on connected machines with the Chrome extension installed.
If a malicious player figured that out, they could place the URL on a web page (hidden in an invisible iframe for instance), where it would trigger the WebEx extension when you visit. From there, the attacker can execute any code they want and take full control of your machine.
The problems is particularly severe because some 20 million people use WebEx, and many of them are at corporations. That could leave sensitive materials, including private customer or employee data, open to theft, ransomware and other types of criminal activity.
Adobe recently added a browser extension to its Adobe Acrobat Reader DC software. Adobe tries to automatically install the extension in Google Chrome, but Chrome asks your permission before enabling it.
When you browse the internet these days, you are constantly being monitored and your data collected. This included not only agencies such as the NSA but also...
If entrepreneurs believe in themselves and their businesses, their enthusiasm can become contagious.
If you’ve just updated to the Dev or Beta release of Google Chrome, you might have noticed that a special version of Adobe Flash is now integrated into the default distribution of Chrome. But what about your old plug-in?
With global warming accelerating at an alarming pace, glaciers and ice sheets melting away, resulting in a rapid rise in sea levels. Today, sea levels show rise...
"Gold" and "technology" certainly do not rhyme together as the aurum glow is especially espoused with elegant ornaments. But what if I say that technology too o...
Add another lawsuit to the list for the automaker.
It's the reason the company did well despite the Note 7 scandal.
Also: 'The New Edition Story,' 'Supergirl,' 'The Path' season two and 'Incorporated' season finale.
Snapchat's Discover section is often full of gossip and clickbait.
Just decades ago, today's technological features would have been major plot points of science fiction movies. Fast forward to today and not only are they ever...
If you know you're not outgoing and don't like engaging with others, find teammates who can make up for those tendencies.
The lifeform holds on to its artificial genetic letters without a hitch.
The company plans to make its AI-powered research tool free to everyone.
