Vulnerability Discovered in Cisco’s WebEx Extension for Chrome, Firefox and Internet Explorer

Cisco has recently disclosed a vulnerability in its WebEx extensions for Google Chrome, Firefox and Internet Explorer. This vulnerability affects all Windows machines that have the WebEx extension installed. If this vulnerability is not addressed, an attacker could execute remote code onto your computer.

If you use WebEx, an application for online meetings, with Google Chrome, it is vital that you update to version 1.0.7, the latest extension. Cisco continues to work on similar updates for Firefox and Internet Explorer. Until these updates are released, we advise you to remove those extensions from your Firefox and Internet Explorer browsers. See below for instructions.

To check for and update the Cisco WebEx Chrome extension:

  1. Open your Google Chrome browser.

  2. Type chrome://extensions into the address bar and hit Enter.

  3. Scroll down until you see the entry for the Cisco WebEx extension (extensions are organized alphabetically).

    • If the Cisco WebEx extension is not present or the version number for the WebEx Extension is 1.0.7, there is nothing more you need to do.

    • If the version number is not equal to 1.0.7, check the Developer mode box in the top right corner of the page.

      • This will reveal a button in the top right corner called Update extensions now. Click the Update extensions now button.

      • Once the update runs, the WebEx extension version should be 1.0.7.

To remove the extension from Firefox:

  1. Open your Mozilla Firefox browser.

  2. Type about:addons into the address bar and hit enter.

  3. On the sidebar select Extensions.

  4. Scroll down until you see the entry for the Cisco WebEx extension (extensions are organized alphabetically).

  5. Click remove.

  6. Restart your browser.

To remove the extension from Internet Explorer:

  1. Open your Internet Explorer browser.

  2. Press ALT + X to open the menu.

  3. Click Manage Add-ons

  4. Under Show, select All Add-Ons.

  5. Scroll down until you see the entry for the Cisco WebEx extension (extensions are organized alphabetically).

  6. Click remove.

  7. Restart your browser.

The UISO advises you to stay up to date with the latest OS, application, and security updates, which can be found on Fordham IT’s UISO social media sites.

For any IT security concerns, contact IT Customer Care at 718-817-3999 or HelpIT@fordham.edu.

For more information on the vulnerability visit Cisco’s advisory post. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

Comments are closed.