A WebEx browser extension flaw discovered by Google’s Tavis Ormandy has now been patched by Cisco Systems. The critical vulnerability affects the Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) browser extensions on Windows machines. Affected versions of the extension are the Cisco WebEx Extension for Google Chrome (earlier versions than 1.0.7), the ActiveTouch General Plugin Container on Firefox (earlier versions than 106), and the IE GpcContainer Class ActiveX control file. (earlier versions than 10031.6.2017.0126)
The vulnerability in the web conferencing software could potentially be exploited by hackers allowing the remote execution of malicious code. According to Cisco, the WebEx browser extension flaw is due to a design defect in an application programming interface response parser.
WebEx is a popular browser extension. More than 20 million individuals actively use the extension with Google Chrome, and versions of the browser extension exist for Internet Explorer and Firefox.
There is a high risk of the WebEx browser extension flaw being exploited by hackers. According to Ormandy, the flaw can be exploited if the user visits a website with “cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html” in the URL or in an iFrame on the page. Ormandy says that this “magic string” would enable an attacker to execute arbitrary code.
Cisco Systems has already issued a patch to correct the WebEx browser extension flaw in Chrome. Users of the extension on Firefox and Internet Explorer have had to wait until today for their update to correct the vulnerability.
Cisco Systems had previously attempted to patch the flaw, and while the fix issued was effective at blocking most attacks, the WebEx browser extension flaw was still susceptible to cross-site scripting attacks.
Ormandy has tested the latest patch and has not managed to find any flaws that would allow hackers to exploit the vulnerability. Users of the browser extension are advised to update the extension as soon as possible to prevent exploitation by hackers.