- Researchers detected malicious PDF files that exploit the Google Chrome zero-day vulnerability.
- The PDF files did not perform any malicious activities when opened in Adobe Reader, but the malicious behavior was observed only in Google Chrome.
What's the issue - Researchers from EdgeSpot detected malicious PDF files that exploit a Google Chrome zero-day vulnerability.
- The vulnerability could allow the sender of the PDF files to collect users’ information when users opened the PDF files via Google Chrome’s PDF viewer.
- The collected information included the users’ system details such as IP addresses, OS versions, Chrome versions, the path of the PDF files on the user's machine.
Worth noting - The PDF files did not perform any malicious activities when opened in Adobe Reader, but the malicious behavior was observed only in Google Chrome.
The big picture
EdgeSpot researchers noted that they observed two unique sets of malicious PDF files exploiting the Google Chrome zero-day.
- The first set of PDF files collects user information and sends to ‘readnotify[.]com’ domain.
- The second set of PDF files sends the collected information to ‘zuxjk0dftoamimorjl9dfhr44vap3fr7ovgi76w.burpcollaborator[.]net.
Why it matters - The vulnerability is going to be fixed in late April.
EdgeSpot notified Google about the issue in December 2018. However, researchers detected more samples in February 2019. Google acknowledged the Chrome zero-day exploit and promised a fix in late April. EdgeSpot notified Google and made the public disclosure on February 26, 2019.
“We decided to release our finding prior to the patch because we think it's better to give the affected users a chance to be informed/alerted of the potential risk, since the active exploits/samples are in the wild while the patch is not near away,” EdgeSpot said.