The name PDFium might not be immediately familiar, but if you're a Chrome user there's a high chance you're using it to view PDFs. The PDF viewer is built into Google's browser, and a vulnerability has been discovered in the jpeg2000 library which could allow for malicious code to be executed. Unearthed by Aleksandar Nikolic from Cisco Talos, the heap buffer overflow vulnerability could be exploited by simply getting a user to open a PDF document with an embedded jpeg2000 image. The National Vulnerability Database entry warns that the security flaw affects versions of "Chrome before 51.0.2704.63 [and] allows remote… [Continue Reading]
Continue reading...
Continue reading...