Your one-stop web resource providing safety and security information to manufacturers

Cisco’s WebEx extension for Chrome, after a few iterations, is now fixed.

Google bug hunter Tavis Ormandy released last week there was a remotely exploitable code execution flaw in the WebEx extension.

Cisco Patches TelePresence, Expressway Holes
Cisco Fixing WebEx Extension
Cisco Clears Cloud Fault
Passwords Reset on Cisco Careers Portal

Since then, Cisco released updates in quick succession. The problem was, they did not appear to be as complete.

Cisco just released version 1.0.7 (the initial update to fix the flaw was 1.0.3).

Schneider Bold

The latest update of the security advisory said WebEx extensions for Firefox and Internet Explorer on Windows systems also had the same flaw, which then required an update.

Cisco WebEx browser extensions for Mac or Linux, and Cisco WebEx on Microsoft Edge did not suffer from the issue.

The company has offered users the option to switch to Microsoft Edge to join and participate in WebEx sessions, and released a Meeting Services Removal Tool that can help them remove all WebEx software from a Windows system.

Malicious web requests aimed at exploiting the flaw can also end up blocked by those using web proxies or web gateways by creating a specific URL filtering policy. The policy would not allow URL requests containing the flaw triggering string pattern through.

Pin It on Pinterest

Share This