Chrome users who haven’t restarted their browser recently should do so immediately to receive a patch for a high-severity flaw in the browser’s built-in PDF reader. Attackers could execute arbitrary code on the user’s system by tricking them into opening a PDF document containing a malicious image, according to researchers at Cisco Talos.
“The most effective attack vector is for the threat actor to place a malicious PDF file on a website and then redirect victims to the website using either phishing emails or even malvertising,” Cisco Talos wrote in a blog post disclosing the vulnerability.