A fix is coming next month to handle a Zero Day vulnerability in Google Chrome.
The issue could allow an attacker to get a hold of personal data via a malware-laden PDF document in the browser.
“The vulnerability allows the sender of the PDF files to track the users and collect some user’s information when they use Google Chrome as a local PDF viewer,” said researchers at EdgeSpot in a post.
“Since late last December, some interesting PDF samples were found by our engine,” researchers said. “These samples acted as ‘no problem’ when opened in popular Adobe Reader, however, they made suspicious outbound traffic when they’re opened locally on Google Chrome.
Malicious code specifically targets a vulnerability in Google Chrome, as opening them in the browser triggers outbound traffic to one of two different domains called burpcollaborator.net and readnotify.com.
“By capturing traffic in the background, we observed that some outbound traffic has been made, and data was sent to the domain “readnotify.com” while there’s no user interaction, in other words, the data was sent out silently without the user’s approval,” researchers said
The exposed data includes the IP address of the device, the operating system and Google Chrome versions, as well as the path of the PDF file on the local drives.
“We decided to release our finding prior to the patch because we think it’s better to give the affected users a chance to be informed/alerted of the potential risk, since the active exploits/samples are in the wild while the patch is not near away,” the researchers said.
“As a temporary ‘workaround,’ we suggest concerned users using alternative PDF reader application for viewing received PDF documents locally until Chrome fixes the issue, or disconnect computer from the Internet when open PDF documents in Chrome,” the researchers said.