Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

Google researcher finds major security flaw in Cisco's WebEx Chrome extension

Add as a preferred source on Google

A Google Chrome browser extension with a user base of 20 million has been updated to patch a serious security vulnerability that made it possible to run malicious code with a minimum of effort. Users of the Cisco Systems WebEx extension are encouraged to make sure that they have updated to version 1.0.3.

The issue was discovered by security researcher Tavis Ormandy, who alerted the company privately before publishing a blog post discussing the situation. Ormandy is a member of Project Zero, a team assembled by Google to hunt down zero-day vulnerabilities.

Recommended Videos

WebEx uses a 64-character string to remotely start a meeting on a PC with the extension installed. This string simply needs to be included in the URL of a file or resource hosted by a website — it can even be tucked away in a HTML-based iframe tab, making it more difficult to detect.

Ormandy found that this string could be used for much more than just initializing a WebEx session. Malicious entities could run any code or command they liked on another user’s system, simply by having them visit a site that contained this string while using the Chrome browser with the WebEx extension running.

This particular vulnerability had the potential to be catastrophic, given that it targeted a service that’s commonly used in an enterprise setting. Security researcher Martijn Grooten noted that the exploit could have caused chaos if it were combined with a ransomware attack, commenting on the situation in a report by Ars Technica.

Unfortunately, there are still some lingering worries about the security of the extension. Specifically, there are concerns that attackers would be able to take advantage of the gap in its security if Cisco’s WebEx website was to suffer a cross-site scripting vulnerability.

For now, the best recourse is to ensure that all installations of the WebEx extension have been updated to version 1.0.3. This patch should have applied automatically, but users can check for themselves by accessing the Extensions menu in Chrome.

Brad Jones
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
Asus’ powerful new gaming laptop with a 240Hz Mini LED display makes its global debut
The 2026 ROG Strix G18 pairs up to RTX 5080 graphics with an Intel Core Ultra 9 290HX Plus CPU
ROG Strix G18 (2026) laptop

Asus has started rolling out the 2026 ROG Strix G18 globally, and the easiest way to describe it is as a slightly toned-down version of the ridiculous ROG Strix Scar 18. It keeps the same 24-core Intel Core Ultra 9 290HX Plus processor but tops out at an Nvidia GeForce RTX 5080 Laptop GPU instead of the Scar’s RTX 5090. (via Notebookcheck)

The Mini LED model gets the best balance

Read more
Every app on my phone has decided I need AI, and none of them bothered to ask
AI assistants are invading everything from photo libraries to messaging apps, and dismissing them only seems to guarantee they’ll return later.
Electronics, Phone, Mobile Phone

My wife doesn’t use AI very much. She isn’t philosophically opposed to it, nor is she waiting for the machines to overthrow civilization. She simply opens Google Photos because she wants to look at her photos.

Lately, however, the app keeps greeting her with invitations to try its AI tools. Google would very much like her to search her library conversationally, generate something new, or ask Gemini to edit a photo. She dismisses the prompt, gets on with her life, and eventually meets it again.

Read more
Shopping for Back-to-school? These are the gaming laptops I’d recommend
Powerful enough for AAA games, practical enough for everyday lectures, assignments, and everything in between.
oled gaming laptop

Every gamer knows the pain of trying to do too much with the wrong hardware. Back-to-School is the perfect excuse to fix that. A good gaming laptop shouldn’t just hit high frame rates -- it should also survive endless browser tabs, assignments, coding sessions, video edits, and everything else college throws at it. These five machines strike that balance better than most, which is exactly why they’d be my picks this semester.

Alienware 16 Aurora

Read more