Cisco Fixes Another Critical Vulnerability in WebEx Browser Extension

Cisco on Saturday fixed another vulnerability in its WebEx browser extension, this time in three browser versions instead of one. It also made it possible for an attacker to execute arbitrary code.

It is the second time in a week that a critical vulnerability has been removed from the extension. The vulnerability could allow an attacker to execute arbitrary code with the same privileges as the browser running the plug-in. To do this, the attacker must convince the target to navigate to a web page that has been modified to exploit the vulnerability in the extension’s api. Cisco will not disclose more details.

While the previous vulnerability only affected the Chrome browser, this one affects Chrome as well as Firefox and Internet Explorer. There are no workarounds for the vulnerability, so the update should be installed as soon as possible. The version in which the vulnerability has been removed can be downloaded immediately for all browsers.

That a second security update follows so shortly after the first is not entirely surprising. Tavis Ormandy, the security researcher at Google who uncovered the problems, already stated when the previous problem was published that while Cisco responded quickly to the report of the problem, he was not fully convinced that the vulnerability was also completely eliminated. used to be.

The browser extension from Cisco is aimed at business users and offers several possibilities, including video calls. WebEx has about twenty million users.