Saturday, 11 June 2016

On 02:52 by admin   1 comment
It used to be one of the biggest irritations on the web. You would be visiting a website, click on a link and then – without warning – find that Adobe Acrobat Reader was cranking into action, in order to show you the PDF file that the site wanted you to see.

Many was the time when I muttered under my breath that the least the site could have done was warn me that I was about to click on a .PDF file, so I could make an informed decision for myself.

Part of my complaint wasn’t that it was just a pain reading Acrobat PDF files on the web – it was also potentially dangerous. Over the years there have been many many instances of malicious hackers exploiting vulnerabilities in Adobe’s Acrobat Reader, boobytrapping their PDF files by embedding – for instance – Javascript code that would conduct unauthorised actions and compromise PCs.

So when browsers began to include alternative PDF readers in their code, such as PDFium which comes with Google Chrome web browser, there was something of a sigh of relief. A different code base meant that – hopefully – the Chrome PDF reader wouldn’t be vulnerable to the same exploits as Adobe’s version, and one would hope that the user experience of opening PDF files would be a lot more streamlined too.

However, that improved user experience may have inevitably resulted in some users thinking that PDF files were somehow now safe.

But, as we know all too well, there is no such thing as bug-free code. And sure enough this week it has been revealed that PDFium, Chrome’s default PDF reader, contained an exploitable vulnerability (known as CVE-2016-1681) that could have resulted in malicious code being run on innocent users’ systems.

1 comment:

  1. So with all these extensions available, how do you choose the one, or the collection, which will help you the most? chrome extension tutorial