TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Deutsche Bank Sees Bitcoin Touch $28,000 By 2022 End, But Warns of Risks Ahead

    July 1, 2022

    The halftime show

    July 1, 2022

    Grayscale Goes to Court After SEC Rejects its Proposed ETF Bid

    July 1, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      Elon Musk’s “Teslas in Tunnels” Las Vegas project is still happening, and here’s the first station

      July 1, 2022

      Meta warns employees of “serious times” in internal memo listing key product bets

      July 1, 2022

      The Supreme Court just took away an EPA tool to fight climate change — what happens next?

      July 1, 2022

      New York denies air permit to Bitcoin mining power plant

      July 1, 2022

      GM’s reportedly only making about 12 Hummer EVs a day

      July 1, 2022
    • Business
    • Cyber Security

      Auston Davis named CISO at Versant Health

      June 30, 2022

      Lessons learned from slew of recent data breaches

      June 30, 2022

      Cybersecurity from the inside out — Guarding against insider threats

      June 30, 2022

      We need the Foreign Intelligence Surveillance Act more than ever

      June 30, 2022

      IC3 issues warning on deepfake use in remote work applications

      June 29, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»Chrome Zero-Day Exploited to Harvest User Data via PDF Files
    Cyber Security

    Chrome Zero-Day Exploited to Harvest User Data via PDF Files

    February 27, 2019Updated:February 27, 2019No Comments3 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect information on users who open the files through Google’s web browser.

    EdgeSpot claims to have identified several samples in the wild. When one of the PDFs is opened with Chrome, a document is shown to the user, but various pieces of information are collected and sent to a remote server in the background.

    Researchers say there is no suspicious activity when the files are opened using a viewer such as Adobe Reader, but outbound traffic has been detected when they are opened with Chrome.

    EdgeSpot says the specially crafted documents, which have been observed since late December, collect data such as IP address, operating system and Chrome versions, and the full path of the PDF file on the victim’s system.

    The data is sent via an HTTP POST request to a remote server without requiring any user interaction. The samples analyzed by the researchers have been sending the data to one of two domains: burpcollaborator.net or readnotify.com.

    A screenshot posted by EdgeSpot shows that one of the malicious files was a modified version of a document from Lonely Planet on the history of the Bay Islands in Honduras. Based on the names of the malicious files, they all appear to reference Honduras.

    A majority of the samples found by EdgeSpot have very low detection rates on VirusTotal at the time of writing – they are either marked as “clean” by all antiviruses or they are detected by only 2-3 products.

    EdgeSpot said it reported its findings to Google on December 26. However, it claims that Chrome developers only plan on rolling out a fix in late April. SecurityWeek has reached out to Google for comment and will update this article if the company responds.

    “We decided to release our finding prior to the patch because we think it’s better to give the affected users a chance to be informed/alerted of the potential risk, since the active exploits/samples are in the wild while the patch is not near away,” EdgeSpot said.

    Until a patch is released, users have been advised to avoid opening suspicious PDF documents via Chrome and use other PDF viewers.

    Adobe also released patches recently for some Reader vulnerabilities that can be exploited to harvest user data via PDF files.

    Related: Attackers Use Steganography to Obfuscate PDF Exploits

    Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

    Previous Columns by Eduard Kovacs:
    Tags:





    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Auston Davis named CISO at Versant Health

    June 30, 2022 Cyber Security

    Lessons learned from slew of recent data breaches

    June 30, 2022 Cyber Security

    Cybersecurity from the inside out — Guarding against insider threats

    June 30, 2022 Cyber Security

    We need the Foreign Intelligence Surveillance Act more than ever

    June 30, 2022 Cyber Security

    IC3 issues warning on deepfake use in remote work applications

    June 29, 2022 Cyber Security

    Kurt John named Chief Security Officer at Expedia

    June 29, 2022 Cyber Security
    Editors Picks

    The halftime show

    July 1, 2022

    Grayscale Goes to Court After SEC Rejects its Proposed ETF Bid

    July 1, 2022

    Xi Jinping insists Hong Kong must be governed by patriots on 25th anniversary of handover

    July 1, 2022

    Elon Musk’s “Teslas in Tunnels” Las Vegas project is still happening, and here’s the first station

    July 1, 2022
    Trending Now

    The Supreme Court just took away an EPA tool to fight climate change — what happens next?

    By techbizweb

    MAS Faults Three Arrows Capital for Sharing False Information

    By techbizweb

    France ready to bypass Hungary for global corporate tax deal

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2022 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.