Posts Tagged ‘chrome’

Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!

Wednesday, July 19th, 2017
Cisco-WebEx-Remote-Command-Execution

A highly critical vulnerability has been discovered in the Cisco Systems’ WebEx browser extension for Chrome and Firefox, for the second time in this year, which could allow attackers to remotely execute malicious code on a victim’s computer.

Cisco WebEx is a popular communication tool for online events, including meetings, webinars and video conferences that help users connect and collaborate with colleagues around the world.  The extension has roughly 20 million active users.Discovered by Tavis Ormandy of Google Project Zero and Cris Neckar of Divergent Security, the remote code execution flaw (CVE-2017-6753) is due to a designing defect in the WebEx browser extension. To exploit the vulnerability, all an attacker need to do is trick victims into visiting a web page containing specially crafted malicious code through the browser with affected extension installed.  Successful exploitation of this vulnerability could result in the attacker executing arbitrary code with the privileges of the affected browser and gaining control of the affected system.

“I see several problems with the way sanitization works, and have produced a remote code execution exploit to demonstrate them,” Ormandy said. “This extension has over 20M [million] active Chrome users alone, FireFox and other browsers are likely to be affected as well.”Cisco has already patched the vulnerability and released “Cisco WebEx Extension 1.0.12” update for Chrome and Firefox browsers that address this issue, though “there are no workarounds that address this vulnerability.”

“This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows,” Cisco confirmed in an advisory released today.

Download Cisco WebEx Extension 1.0.12

In general, users are always recommended to run all software as a non-privileged user in an effort to diminish the effects of a successful attack.

 Fortunately, Apple’s Safari, Microsoft’s Internet Explorer and Microsoft’s Edge are not affected by this vulnerability.  Cisco WebEx Productivity Tools, Cisco WebEx browser extensions for Mac or Linux, and Cisco WebEx on Microsoft Edge or Internet Explorer are not affected by the vulnerability, the company confirmed.The remote code execution vulnerability in Cisco WebEx extension has been discovered second time in this year.

 

Source: Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!

Google releases its first 64-bit Chrome web browser- The Inquirer

Thursday, July 3rd, 2014

GOOGLE’S CHROMIUM PROJECT has released its first 64-bit edition of the Chrome web browser for Windows.
google chromium

The project manages Google’s open-source web browser code underlying the Chrome browser and Chrome OS. It claims that the new build is up to 25 percent faster than the standard 32-bit version, particularly for graphics and multimedia content. In addition crash rates for rendering are down nearly 50 percent from the 32-bit version.

The 64-bit version, which has full functionality, also takes advantage of additional security features in 64-bit Windows architecture such as High Entropy ASLR, as well as improving existing measures like heap partitioning.

At present, the new version is only available to Windows 7 and 8 users. The build is not considered stable yet, and is only available in the Developer or Canary (nightly build) channels.

Existing Chrome users can load the 64-bit version over the installed 32-bit edition without having to uninstall. In addition, all settings are preserved, though as with any test build, it might bork some of your add-ons.

via Google releases its first 64-bit Chrome web browser- The Inquirer.

The Hole in Microsoft Explorer is Bigger Than You Think | Rebecca Abrahams

Tuesday, April 29th, 2014

The best advice for now is to find another Browser and dump Internet Explorer. Microsoft’s tepid response to the threat and the fact that Internet Explorer Browsers may have been exploited over a considerable time period suggests that the Browser cannot be trusted.All Microsoft Explorer Browsers from version 6 up through version 11 are potentially impacted by the vulnerability. While FireEye says that the exploit was designed mostly against Explorer Versions 9 to 11, the earlier Explorer products also are vulnerable. If we just consider Versions 9 to 11 we are talking about 25% of the Browser market; if all versions are considered we are at nearly half the Browser market.Spies, intruders and hackers usually go after low hanging fruit, and with Microsoft dominating the Browser marketplace, it is a prime target. But that is changing. Google Chrome is growing rapidly in market share, partly because it offers Gmail and functions such as Google Docs.Right now we don’t know if Google, or Firefox which makes an excellent Browser, or any other such as Opera are safer than Microsoft’s Internet Explorer.

via The Hole in Microsoft Explorer is Bigger Than You Think | Rebecca Abrahams.

Chrome Remote Desktop app – Google Help

Saturday, April 19th, 2014

Chrome Remote Desktop app

Chrome Remote Desktop allows you to set up your computer for secure remote access. This includes setting up your computer so that you can access it later from another machine; or you can also use the app to let a friend remotely access your computer temporarily, perfect for times when you need help solving a computer problem.

Add the Chrome Remote Desktop app to Chrome

Install the Chrome Remote Desktop app on every computer you want to access remotely and every computer you’d like to connect from.

  1. Visit the Chrome Remote Desktop app page in the Chrome Web Store.
  2. Click Add to Chrome to install the app.
  3. When the confirmation dialog appears, click Add.
  4. A new tab will open and the app’s icon Chrome Remote Desktop App will appear in the Apps section of the page.

If you’re using a Chrome device, you can find the app in the apps list.

via Chrome Remote Desktop app – Chrome Help.