Experts from the security firm EdgeSpot have discovered a new zero-day vulnerability affecting the Google Chrome web browser. The vulnerability allows attackers to steal data from users who open PDF files inside Chrome’s built-in PDF viewer.
Luckily, most users are not affected by this vulnerability, because there is no suspicious activity when the malicious PDF files are opened with PDF readers such as Adobe Acrobat or with the Microsoft Edge browser. It seems the vulnerability affects only Google Chrome. When a user opens an infected PDF file with Google Chrome, outbound traffic sends the user’s data to two domains (readnotify.com and burpcollaborator.com). These two websites then collect the exposed user information, which includes the IP address, the operating system and the Google Chrome version used on the PC. The full path of the PDF file on the user’s computer is also collected.
Unfortunately, infected PDF files are hard to detect. They can bypass Google Chrome’s integrated protection as well as third-party anti-virus tools. Therefore, the best way to avoid the new zero-day vulnerability is to avoid opening any PDF files in Google Chrome. If you have to do this, make sure you only open files from trusted sources. Google is preparing a patch for late April 2019.
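
Because the files themselves are hard to detect, a defender can instead look for the outbound requests described above in web proxy logs. The following is an added example, not code from EdgeSpot or from this article; the log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Domains the article names as receiving the data sent when the PDF is opened.
CALLBACK_DOMAINS = ("readnotify.com", "burpcollaborator.com")

# Assumed proxy log format: timestamp client method url "user-agent"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')
CHROME_RE = re.compile(r"Chrome/(\d+(?:\.\d+)*)")

CHROME_UA = "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/72.0.3626.119 Safari/537.36"
EDGE_UA = "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"

# Constructed sample lines, not real traffic.
SAMPLE_LOG = f"""\
2019-03-01T09:14:02Z 10.0.0.21 GET http://example.org/report.pdf "{CHROME_UA}"
2019-03-01T09:14:03Z 10.0.0.21 GET http://abc123.burpcollaborator.com/ "{CHROME_UA}"
2019-03-01T09:20:41Z 10.0.0.35 GET http://readnotify.com/track "{CHROME_UA}"
2019-03-01T09:21:10Z 10.0.0.35 GET http://notreadnotify.com/ "{CHROME_UA}"
2019-03-01T09:22:55Z 10.0.0.35 GET http://readnotify.com.example.net/ "{CHROME_UA}"
2019-03-01T09:30:00Z 10.0.0.48 GET http://READNOTIFY.com/ "{EDGE_UA}"
"""

def is_callback_host(host):
    """Match a listed domain or any subdomain of it, never a look-alike name."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in CALLBACK_DOMAINS)

def chrome_version(user_agent):
    """Return the Chrome version, or None (legacy Edge also carries a Chrome/ token)."""
    if "Edge/" in user_agent:
        return None
    match = CHROME_RE.search(user_agent)
    return match.group(1) if match else None

def find_callbacks(log_text):
    """Return one record per request that went to a listed domain."""
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not follow the assumed format
        timestamp, client, _method, url, user_agent = match.groups()
        host = urlsplit(url).hostname
        if is_callback_host(host):
            hits.append({"time": timestamp, "client": client, "host": host,
                         "chrome": chrome_version(user_agent)})
    return hits

if __name__ == "__main__":
    for hit in find_callbacks(SAMPLE_LOG):
        print(hit)
```

Hits whose `chrome` field is set match the behaviour the article describes; a hit with `chrome` set to `None` came from another browser and needs separate triage.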