Cisco WebEx Extension Vulnerability
A critical vulnerability has been discovered in the Cisco Systems’ WebEx browser extension for Chrome and Firefox, that allows attackers to execute malicious code on the victims’ computer remotely.
Cisco WebEx is a communication tool that allows users to connect and collaborate with colleagues around world for online events, meetings, webinars and video conferences.
The vulnerability was discovered by Tavis Ormandy of Google Project Zero and Cris Neckar of Divergent Security.
For the attack to be successful, the victim must be tricked into visiting a web page that contains malicious code through the browser with the affected extension installed so that the vulnerability can be exploited. Once the vulnerability has been exploited, the attacker can gain access to the victims’ system with executing code from the affected browser.
Cisco has patched the vulnerability and advises users to update their extension.
Patched Cisco WebEx Extension 1.0.12
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1324&desc=2