Enterprise-Level WebEx Chrome Plugin Users Vulnerable to Drive-by Attacks

Users of the Google Chrome browser should update the commonly used WebEx plugin. This particular type of code is used for the Cisco Systems WebEx service, yet contains a severe vulnerability. The unpatched version of this plugin allows any site to run malicious code, which would cause harm to millions of Internet users. All of these drive-by attacks can occur on any website visited by these users, regardless of who it belongs to.

WebEx Plugin Can Facilitate Drive-by Attacks

In the enterprise sector, WebEx is used by more than 20 million users as of today. These potential targets are also a high-value target for criminals who look to take advantage of the Chrome plug-in’s vulnerabilities. Anyone who manages to exploit this flaw while it’s present can create one of the world’s most powerful exploits kits.

Not only could criminals target these 20 million enterprise users, but they could also exploit the companies these employees work for. If these vulnerabilities are exploited on a large scale, it is impossible to predict what will happen. Thankfully, an emergency update has been released for this plugin, and users are advised to update as soon as possible.

Exploiting this vulnerability is not difficult either. All it takes is a compromised website to host a file or resource that contains the so-called “magic” string in its URL. This “magic string” pattern allows the WebEx service to remotely start meetings on any computer, as long as they have the extension installed. Through this command, a hacker could execute any form of code or command to cause havoc. In fact, it is possible to load this “magic string” into an iframe tag, where it would be hidden from the public.

Even though this emergency patch solves the problem, it is not necessarily a full-fledged solution. Code-execution exploits can still be used against the WebEx Chrome plugin, due to update allowing Cisco’s webex.com site to invoke the magic pattern without warning. If that site were to suffer from an XSS (Cross Site Scripting) vulnerability, it would be possible once again to exploit the WebEx bug. Although that risk factor may be deemed “highly improbable”, it’s still worth taking into account.

Quite a few security experts have been analyzing the vulnerability and associated emergency patch. So far, not too many have been impressed with the update. Filippo Valsorda, who works as a security researcher at CloudFlare, stated how this is a “social engineering nightmare”. It is evident Cisco left a huge security gap wide open, and it is unclear if anyone has taken advantage of it.

Unfortunately, there is no way for Cisco to force this update upon its WebEx plugin users. All enterprise clients have to manually update to version 1.0.3. It is also possible to force the update by enabling “Developer Mode” in the plugin settings. All things considered, a lot of companies may remain vulnerable to this type of attack over the coming months.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.