Published in News

Adobe pushed insecure spying Chrome browser extension

by on24 January 2017

And it can be hacked

Adobe installed a browser extension for Google Chrome alongside an update for the company's Adobe Acrobat Reader DC software.

The extension allows users to turn web pages into PDF documents. But it also phones home with telemetry data.

The move angered more than a few because the “feature" was not mentioned in the changelog, and you could not block it. Chrome's security mechanism did stop it being enabled automatically and users were asked if they wanted to enable the Adobe Acrobat extension in Chrome, or remove it.

But the Chrome extension that Adobe pushed out to user systems was more insecure than Woody Allen on stage with an army of underwear models.

Google had a look under the bonnet and found that the code and a JavaScript code execution bug that put the then 30 million systems the extension was installed on at risk.

Adobe has rushed out a security update for the Adobe Acrobat extension for Chrome after Google growled at it. This update addresses a cross-site scripting vulnerability rated important that could potentially lead to JavaScript execution in the browser.

What is a little worrying is that Adobe thinks it is OK to push stuff out on its users in this way. Some are even saying that it means you absolutely cannot trust the software it installs.

Last modified on 24 January 2017
Rate this item
(0 votes)

Read more about: