Malicious PDF documents can steal user details

Feb 28, 2019 09:12 GMT  ·  By

A zero-day vulnerability in Google Chrome allows hackers to harvest personal data using nothing else than malicious PDF documents loaded in the browser.

Discovered by EdgeSpot, the security flaw is already being exploited in the wild and an official fix would only be released by Google in late April.

The PDF documents do not appear to leak any personal information when opened in dedicated PDF readers like Adobe Reader. However, it seems the malicious code specifically targets a vulnerability in Google Chrome, as opening them in the browser triggers outbound traffic to one of two different domains called burpcollaborator.net and readnotify.com.

The exposed data includes the IP address of the device, the operating system and Google Chrome versions, as well as the path of the PDF file on the local drives.

Interestingly, the malicious PDF documents aren’t detected as potentially dangerous by security products, and only some antivirus solutions trigger a warning when scanning them.

Fix coming on April 23

The vulnerability was reported to Google on December 26, and on February 14, the company confirmed that the late-April browser update would include a fix.

“We decided to release our finding prior to the patch because we think it's better to give the affected users a chance to be informed/alerted of the potential risk, since the active exploits/samples are in the wild while the patch is not near away,” the researchers at EdgeSpot explain.

In the meantime, the easiest way to remain protected is to avoid opening any PDF documents in Google Chrome, but if you must do this, you should just stay away from files coming from sources that you do not trust. Also, you can just temporarily disconnect the computer from the Internet when opening PDF documents in Google Chrome.

The next Google Chrome release that will correct the vulnerability is Chrome 74 due on April 23.