Cisco starts patching critical flaw in WebEx browser extension

Click here to visit Original posting

Cisco Systems has started to patch a critical vulnerability in its WebEx collaboration and conferencing browser extension that could allow attackers to remotely execute malicious code on computers.

The company released a patched version of the extension -- 1.0.7 -- for Google Chrome on Thursday and is working on similar patches for the Internet Explorer and Mozilla Firefox versions.

The vulnerability was found by Google security researcher Tavis Ormandy and stemmed from the fact that the WebEx extension exposed functionality to any website that had "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" in its URL or inside an iframe. Some of that WebEx functionality allowed for the execution of arbitrary code on computers.

To read this article in full or to leave a comment, please click here

Cisco starts patching critical flaw in WebEx browser extension

I’m a monster Batman fan – here’s where to stream the top movies and shows about the mysterious crimefighter this Batman Day

ICYMI: the week’s 6 biggest tech stories from the disappointing iOS 18 launch to ChatGPT messaging first being ‘fixed’

NYT Connections today — hints and answers for Saturday, September 21 (game #468)

NYT Strands today — hints, answers and spangram for Saturday, September 21 (game #202)