Cisco Blogs

Vulnerability Spotlight: PDFium Vulnerability in Google Chrome Web Browser

June 8, 2016 - 1 Comment

This vulnerability was discovered by Aleksandar Nikolic of Cisco Talos.

PDFium is the default PDF reader included in the Google Chrome web browser. Talos has identified an exploitable heap buffer overflow vulnerability in the PDFium PDF reader. When a victim simply views a PDF document that includes an embedded JPEG 2000 image, the attacker can achieve arbitrary code execution on the victim’s system. The most effective attack vector is for the threat actor to place a malicious PDF file on a website and then redirect victims to the website using either phishing emails or even malvertising.
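For triage on a mail or web gateway, a defender can flag PDFs that carry embedded JPEG 2000 data at all, since only those reach the affected decoder. The following is an added example, not code from Talos or PDFium; the function names and sample documents are constructed for illustration, and it checks for the PDF `JPXDecode` filter name both in the clear (including `#xx`-escaped spellings) and inside Flate-compressed streams.

```python
import re
import zlib

# A PDF name: "/" followed by any run of non-whitespace, non-delimiter bytes.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
JPX_FILTER = b"JPXDecode"  # PDF filter name for JPEG 2000 image data


def _has_jpx_name(data: bytes) -> bool:
    """True if any name token, after decoding #xx escapes, is JPXDecode."""
    for m in NAME_RE.finditer(data):
        name = HEX_ESC_RE.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(1))
        if name == JPX_FILTER:
            return True
    return False


def _inflated_streams(data: bytes):
    """Yield every stream body that inflates as zlib (e.g. object streams)."""
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj ignores the EOL bytes left before "endstream"
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data (image bytes, other filters)


def jpeg2000_locations(pdf: bytes) -> list:
    """Return where a JPXDecode filter was seen: 'plain' and/or 'inflated stream'."""
    found = []
    if _has_jpx_name(pdf):
        found.append("plain")
    if any(_has_jpx_name(s) for s in _inflated_streams(pdf)):
        found.append("inflated stream")
    return found


# Constructed sample inputs (not real documents).
PLAIN = b"%PDF-1.5\n1 0 obj\n<< /Subtype /Image /Filter /JPXDecode >>\nendobj\n"
ESCAPED = PLAIN.replace(b"/JPXDecode", b"/JPXD#65code")
HIDDEN = (b"%PDF-1.5\n2 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"<< /Subtype /Image /Filter /JPXDecode >>")
          + b"\nendstream\nendobj\n")
CLEAN = b"%PDF-1.5\n3 0 obj\n<< /Subtype /Image /Filter /DCTDecode >>\nendobj\n"

if __name__ == "__main__":
    for label, doc in [("plain", PLAIN), ("escaped", ESCAPED), ("hidden", HIDDEN), ("clean", CLEAN)]:
        print(label, jpeg2000_locations(doc))
```

A hit only means the document contains JPEG 2000 data, not that it is malicious; encrypted PDFs and streams wrapped in other filters are not inspected by this check.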





  1. Thanks for sharing. Multi-layer security also facilitates the interoperability and scalability of security solutions.