Threat Advisory: Key Vulnerability Found In Cisco’s WebEx Chrome Extension

January 25, 2017

A critical vulnerability has recently been uncovered in the Chrome extension of Cisco WebEx, a web conferencing software widely used by enterprise businesses, leaving 20 million users susceptible to attack.

Windows Chrome users are in danger of getting hacked if unknowingly visiting a malicious website. The malicious websites host a file or other resource that contains the string "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" in the URL. This string is how the WebEx service remotely starts a meeting on visiting computers that have the Chrome extension installed. The string may then begin a WebEx session, or allow an attacker to execute malicious code. 

Although Cisco has released a timely update (v 1.0.5) to resolve the security flaw, the new version may still allow code-execution exploits. Herjavec Group recommends uninstalling the Chrome extension completely and using the standard temporary application to start and run WebEx meetings until Cisco releases a patched update. It’s unknown whether the flaw is present in Safari and Internet Explorer browsers, however, Firefox has blocked the extension until a final fix is available.

For more information please connect with a Herjavec Group security specialist today.  

CONTACT US

Original Report


About Herjavec Group

Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services supported by state-of-the-art, PCI compliant, Security Operations Centers, operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including across Canada, the United States, and the United Kingdom. For more information, visit www.herjavecgroup.com.

Stay Informed 

    Follow us on Twitter

    Connect with us on LinkedIn

 

*By selecting one of the communications above, you consent to Herjavec Group
 sending commercial electronic messages to you for marketing purposes, including information about the products, services and events selected.


Take the First Step
In Transforming Your Cybersecurity Program

Enterprise security teams are adapting to meet evolving business needs. With 5 global Security Operations Centers, emerging technology partners and a dedicated team of security specialists, Herjavec Group is well-positioned to be your organization’s trusted advisor in cybersecurity. We’ll help you understand your risk exposure, increase your visibility and ROI, and proactively hunt for the latest threats.

Book a Free Consultation

Stay Informed

Follow us on Twitter
Connect with us on LinkedIn