Severe vulnerability in Cisco’s WebEx extension for Chrome leaves PCs open to easy attack


Anyone who uses the popular Cisco WebEx extension for Chrome should update to the latest version pronto. Google security researcher Tavis Ormandy recently discovered a serious vulnerability in the Chrome extension that leaves PCs wide open to attack.

In older versions of the extension (before version 1.0.3) malicious actors could add a “magic string” to a web address or file hosted on a website. The magic string was designed to remotely activate the WebEx browser extension. Once the extension was activated the bad guys could execute malicious code on the target machine. 

Ian Paul

The impact on you at home: It’s a good idea for anyone who uses this extension to make sure it’s updated to the latest version given the severity of the vulnerability. To start type chrome://extensions into the Chrome address bar and hit Enter. Next, scroll down until you see the entry for the Cisco WebEx Extension—extensions are organized alphabetically. To the right of the extension name you should hopefully see version 1.0.5, as pictured above.

Protect yourself

If you don’t, you can do one of three things.

Leave a Reply

Your email address will not be published. Required fields are marked *