Google researcher finds vulnerability in automatically installed Adobe extension


Tavis Ormandy, a security researcher on Google's Project Zero team, has found a vulnerability in a Chrome extension from Adobe. Since last week the extension has been added to the browser automatically when Adobe software is installed.

Ormandy, who regularly finds and reports software vulnerabilities, reported the issue to Adobe, and the company has since released a patch. According to the researcher it is a cross-site scripting (XSS) vulnerability that makes it possible to execute arbitrary code in the browser or, indirectly, to change privacy settings. Direct code execution may be prevented by the extension's Content Security Policy (CSP).
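To make the two points in that paragraph concrete, the following is an added example and not code from Adobe's extension or from the article: it shows the kind of sink that turns attacker-controlled text into script inside an extension page, the escaped form that closes it, and a small check of whether a given CSP would let injected inline script run at all. The function names and the payload string are illustrative; the one real-world value is Chrome's default CSP for Manifest V2 extension pages, `script-src 'self'; object-src 'self'`, which is why a CSP can stop direct code execution even when the XSS itself is real.

```javascript
// Added example, not Adobe's code: a DOM-XSS sink beside its escaped form,
// plus a minimal CSP check for whether injected inline script would run.
// Function names and the payload are illustrative (constructed for this page).

// Vulnerable pattern: untrusted text is concatenated into markup that later
// lands in innerHTML, so an attribute handler such as onerror= becomes live.
function renderTitleUnsafe(title) {
  return `<h1 class="title">${title}</h1>`;
}

// Hardened form: escape the five characters that can change HTML context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}
function renderTitleSafe(title) {
  return `<h1 class="title">${escapeHtml(title)}</h1>`;
}

// Parse a CSP string into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    directives.set(tokens[0].toLowerCase(), tokens.slice(1));
  }
  return directives;
}

// Would an injected inline <script> or on*= handler execute under this policy?
// script-src governs script; default-src is the fallback when it is absent.
// Inline execution needs 'unsafe-inline', and browsers ignore that keyword
// when a nonce- or hash-source is also listed.
function inlineScriptAllowed(policy) {
  const d = parseCsp(policy);
  const sources = d.get('script-src') ?? d.get('default-src');
  if (sources === undefined) return true; // no governing directive: unrestricted
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return lower.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// Constructed payload: the classic attribute-handler injection.
const PAYLOAD = '<img src=x onerror="alert(document.cookie)">';

// Chrome's default CSP for Manifest V2 extension pages.
const EXTENSION_DEFAULT_CSP = "script-src 'self'; object-src 'self'";

console.log('unsafe :', renderTitleUnsafe(PAYLOAD));
console.log('safe   :', renderTitleSafe(PAYLOAD));
console.log('inline script runs under extension default CSP?',
  inlineScriptAllowed(EXTENSION_DEFAULT_CSP));
```

The CSP check is why "might be prevented" is the right wording: under the extension default the injected handler is still in the DOM but will not execute, whereas a page that relaxes its policy with `'unsafe-inline'` (without a nonce or hash) gets full script execution from the same sink. Note that CSP does nothing for the second consequence mentioned, changing settings through the extension's own privileged code paths, which is why the escaping fix is the real remedy.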

The researcher says the extension has now been installed on 30 million devices, based on figures from the Chrome Web Store. The extension has been installed automatically since last week, for example when Adobe Reader is installed. Chrome users on Windows then see a pop-up asking them to enable or remove the extension. The extension itself has been around for some time and offers, among other things, the ability to convert web pages to PDF with the paid version of Acrobat.

The extension also collects some user data, which Adobe says is used to improve the quality of its services; according to Adobe, the data collected does not include URLs. Adobe's decision has been criticized by the security community because it exposes users to unnecessary risk.

[Image: the message shown after installation]
