Security Flaw in Cisco WebEx Chrome Detected

Leila Sharma

Security Flaw in Cisco WebEx Chrome Detected

Recently, a Google employee identified a critical vulnerability in the Cisco WebEx Chrome plugin that could affect NYU users. The flaw allows outside attackers to run unauthorized browser code and potentially expose computers to malware risk.  

Recommended action: Remove WebEx Chrome extension

  • 1. Open Chrome
  • 2. Click MoreMore at the top right of your Chrome browser.
  • 3. Select More tools Extensions.
  • 4. Next to the extension you want to remove, click RemoveRemove.
  • 5. Click Remove.

If an extension has an icon in your Chrome toolbar, you can right-click the icon and select Remove from Chrome.

Please check this site for updates on this issue. You may also contact security@nyu.edu or call the NYU IT Service Desk at 212-998-3333 with questions.

List of additional resources on this matter:

Overview:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

How to protect yourself:

https://blog.filippo.io/webex-extension-vulnerability/

Technical blog:

https://bugs.chromium.org/p/project-zero/issues/detail?id=1096