Security researchers discovered several malicious PDF documents exploiting a Google Chrome Zero-day vulnerability to steal users data.
When the user opens the malicious PDF document using Google Chrome, it was observed collecting user’s data and sending to a remote server belonging to the attacker.
“Since late December 2018, EdgeSpot has detected multiple PDF samples in the wild which exploit a Google Chrome zero-day flaw. The exploited vulnerability allows the sender of the PDF files to track the users and collect some user’s information when they use Google Chrome as a local PDF viewer.”
According to researchers, the samples worked properly when opened using Adobe Reader but it showed some suspicious outbound traffic when opened using Google Chrome.
The stolen data were sent to the domain “readnotify.com” via HTTP POST request without any user interaction.
The stole user data includes the IP address of the user, operating system and Google Chrome versions and the full path of the PDF file on the user’s computer.
Researches notified Google about the issue in December and responded back by saying it will address the issue in April security update.
“We decided to release our finding prior to the patch because we think it’s better to give the affected users a chance to be informed/alerted of the potential risk, since the active exploits/samples are in the wild while the patch is not near away.” said in the post published by researchers.
Users are advised to not to open the PDF file using Google Chrome for time being and use an alternate PDF viewer application to view the files.