Cisco Webex extension for Chrome has serious vulnerability that allows Arbitrary Remote Command Execution
Cisco WebEx is one of the most widely used tools for conferencing and remote desktop sharing. Google researcher Tavis Ormandy unveiled a serious exploit in WebEx plugin for Chrome. The vulnerability will allow a hacker to execute code and take full control of the computer. Cisco has released a patch to fix this but the patch seem to be ineffective. We suggest you to use IE or Firefox to initiate WebEx or follow this method to protect your computer.
The extension works on any URL that contains the magic pattern “cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html”, which can be extracted from the extensions manifest. Note that the pattern can occur in an iframe, so there is not necessarily any user-visible indication of what is happening, visiting any website would be enough. The extension uses nativeMessaging and is enough for any website to execute arbitrary code.
When a person initiates start of a meeting, WebEx uses a coded magic pattern to remotely start the meetings on connected machines with Chrome extension installed. The magic pattern is cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html. A hacker can use this URL to trigger the WebEx extension when you visit. The hacker can then take full control of your computer.