Chrome bug lets hackers collect user data via PDF files

Milan Stanojevic
by Milan Stanojevic
Deputy Editor
Affiliate Disclosure
Share this article:

  • EdgeSpot discovered an intriguing zero-day vulnerability exploiting PDF documents in Chrome.
  • This vulnerability can harm you by harvesting the sensitive data on your PC. 
  • Explore our Web & Cloud page for more insights about other tools and services. 
  • If you're interested in browsers, we provide plenty of information about them in our Browsers Hub.
Chrome bug lets hackers collect user data from your PDF files
Instead of fixing issues with Chrome, you can try a better browser: Opera You deserve a better browser ! 350 million people use Opera daily, a fully-fledged navigation experience that comes with various built-in packages, enhanced resource consumption and great design. Here's what Opera can do:
  • Easy migration: use the Opera assistant to transfer exiting data, such as bookmarks, passwords, etc.
  • Optimize resource usage: your RAM memory is used more efficiently than Chrome does
  • Enhanced privacy: free and unlimited VPN integrated
  • No ads: built-in Ad Blocker speeds up loading of pages and protects against data-mining
  • Download Opera

Exploit detection service EdgeSpot discovered an intriguing Chrome zero-day vulnerability exploiting PDF documents.

The vulnerability allows attackers to harvest sensitive data using malicious PDF documents opened in Chrome. 

As soon as the victim opens the respective PDF files in Google Chrome, a malicious program starts working in the background by collecting user data.

The data is then forwarded to the remote server that is being controlled by the hackers. You might be wondering what data is being sucked by the attackers, they target the following data on your PC:

  • IP address
  • Full path of the PDF file on the system
  • OS and Chrome versions

Beware of malware-ridden PDF files

Experts spotted that one of the two domains readnotify[.]com or burpcollaborator[.]net was receiving the data.

They revealed that the attackers are using the this.submitForm() PDF Javascript API to collect the sensitive information of the users.

We tested it with a minimal PoC, a simple API call like this.submitForm(‘’) will make Google Chrome send the personal data to

This Chrome bug was being exploited by two distinct sets of malicious PDF files, both of them circulated in October 2017 and September 2018, respectively.

Notably, the collected data can be used by the attackers to fine-tune attacks in the future. Reports suggest that the first batch of files was compiled using ReadNotify’s PDF tracking service.

Users can utilize the service to keep track of user views.  EdgeSpot has not shared any details regarding the nature of the second set of PDF files.

Quick tip: Change your browser to Opera

In these troubled times, we are attacked with malware, phishing, and trojans at every step so we have to be a lot more vigilant and stay protected.

And as this is a problem specific to Chrome, you can avoid that threat and all others with a security-oriented browser like Opera.

This browser comes with a built-in ad blocker that not only clears such distractions but also blocks analytics scripts, tracking pixels, and methods to collect your data. 

And if you want to be absolutely sure that you stay away from any danger, get behind the built-in VPN service that is 100% free to use for unlimited time.



Opera offers the perfect threat protection with the built-in ad-blocker and VPN service for free!
Get it free Visit Website

How can I stay protected from PDF vulnerabilities?

Download Adobe Acrobat PRO

Run a System Scan to discover potential errors

Restoro Scan
Click Start Scan to find Windows issues.
Restoro Fix
Click Repair All to fix issues with Patented Technologies.
Run a PC Scan with Restoro Repair Tool to find errors causing security problems and slowdowns. After the scan is complete, the repair process will replace damaged files with fresh Windows files and components.

Adobe Acrobat PRO

Adobe and Chrome make a good match when it comes to handling PDF files. By installing the Adobe Extension for Chrome, you can review and manipulate PDFs to your liking without leaving your favorite browser.

Despite its robust structure, malware hidden in PDF files might not get detected if you’re using the standard version of the Reader.

The professional version is recommended to guarantee your protection and keep your data away from hackers.

Although it’s not free, the price you will pay is rather small for the plethora of additional features you will enjoy including the enhanced security of your PDF files.

There is also a 7 days free trial included so that you can get a taste of the full Pro experience before making the purchase.

Adobe Acrobat PRO

Adobe Acrobat PRO

Stay away from malware by downloading Adobe Acrobat PRO. It’s got plenty of more feature than the free version and keeps your data safe.
Free Trial Visit website

In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.  Install Private Internet Access now and secure yourself. It protects your PC from attacks while browsing, masks your IP address, and blocks all unwanted access.

The Exploit detection service EdgeSpot wanted to alert the Chrome users about the potential risks because the patch was not expected to be released in the near future.

EdgeSpot reported to Google about the vulnerability last year and the company promised to release a patch late April.

However, you can consider using a temporary workaround to the problem by locally viewing the received PDF documents using another reader app.

Alternatively, you can also open your PDF documents in Chrome by disconnecting your systems from the Internet.

FAQ: Learn more about Chrome extensions

  • Does Privacy Badger work with Chrome?

Yes, it does. But if you want a broader selection, explore our top picks for Chrome privacy extensions in this complete guide.

  • Can you edit PDFs in Chrome?

There are a lot of extensions that allow PDFs processing. Check out our excellent guide about the best PDF extensions for Chrome.

  • Does Google have a QR code generator?

It doesn’t but you can activate it quickly. Here’s our comprehensive guide on how to enable the QR code generator in Chrome.

Editor’s Note: This post was originally published in April 2020 and has been since revamped and updated in August 2020 for freshness, accuracy, and comprehensiveness.

idee restoro Still having issues? Fix them with this tool:
  1. Download this PC Repair Tool rated Great on (download starts on this page).
  2. Click Start Scan to find Windows issues that could be causing PC problems.
  3. Click Repair All to fix issues with Patented Technologies (Exclusive Discount for our readers).
Restoro has been downloaded by 0 readers this month.
Editor's Note: This article was originally published in March 2019 and was revamped and updated in August 2020 for freshness, accuracy, and comprehensiveness.