Cisco’s Webex Browser Extension contain a critical bug that can open up customers’ entire computers to remote code execution attacks if the browsers visit websites containing specially crafted malicious code.
The company says it is in the process of correcting the problem, and has apparently made a few initial steps toward a permanent fix. It says there is no workaround available.
The flaw allows websites containing a certain code pattern to open a WebEx session to the browser and “to execute arbitrary code on the affected system, which could be used to conduct further attacks,” according to a Cisco advisory.
Source: Infoworld.com | Security