Google Chrome Zero-Day Lets Hackers Harvest User Data
A zero-day vulnerability in Google Chrome allows hackers to harvest personal data using nothing else than malicious PDF documents loaded in the browser.
Discovered by EdgeSpot, the security flaw is already being exploited in the wild and an official fix would only be released by Google in late April.
The PDF documents do not appear to leak any personal information when opened in dedicated PDF readers like Adobe Reader. However, it seems the malicious code specifically targets a vulnerability in Google Chrome, as opening them in the browser triggers outbound traffic to one of two different domains called burpcollaborator.net and readnotify.com.
The exposed data includes the IP address of the device, the operating system and Google Chrome versions, as well as the path of the PDF file on the local drives.
Interestingly, the malicious PDF documents aren’t detected as potentially… (read more)