Friday, June 10, 2016

Google Chrome PDF Reader : Remote code execution

Do you avoid Adobe Reader and Acrobat due to the never-ending stream of security problems? Perhaps you have done away with PDF reader software altogether in favor of the viewer included with Chrome?


If you have, you will be disappointed to learn that the Chrome viewer has a remote code execution vulnerability. The viewer included in Chrome, called PDFium, can be used to run code of the attacker's choice.

"A specially crafted PDF document with embedded jpeg2000 image can cause a heap buffer overflow potentially resulting in an arbitrary code execution."

Upgrade Chrome to 51.0.2704.63 or newer to resolve the issue.

SOURCES:
chromium.org: TALOS-CAN-0174 - Google Chrome PDFium jpeg2000 SIZ Code Execution Vulnerability
chromium.org:
