Adobe bundles Chrome plugin with Reader fixes

The plugin means Chrome users can easily convert web pages to PDF

Adobe Reader's latest security update appears to have an added extra a Google Chrome extension, which adds the Adobe Acrobat plugin to your Chrome browser.

Although it's nothing malicious it just enables any Chrome user to easily convert web pages into PDF the fact Adobe is doing this without informing users beforehand has been criticised by the security community.

One researcher, Troy Hunt, noticed strange goings on when he was installing the update, which was designed to fix a flaw that could potentially allow hackers to take control of the user's system.

Hunt told Wired: "[The plugin] auto-installed. I literally walked up to my PC and the prompt was already there."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The prompts he refers to include allowing Chrome to read and change all data on the websites a user visits, manage downloads and communicate with cooperating native applications.

The plugin isn't activated until these permissions receive the OK, however, it's important to note that if the requests for access are rejected, the Adobe Reader security fix will still be installed properly.

While this incident seems simply to be a case of Adobe trying to boost installations of the Reader plugin on Chrome, throwing up prompts that look like they're part of the security fix installation but in reality are malicious it a technique often used by hackers.

In a support document, Adobe said: "Information collected [by the plugin] will be used to develop new features and improve Adobe products," adding that no personally identifiable information is sent back to the company. It also said that, although the plugin does see what URLs the user visits in order to "allow the extension to convert HTML content to PDF", it doesn't send this information back to Adobe either.

Main image credit: Bigstock

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/354584/windows-10-and-the-tools-for-agile-working
Sponsored

Windows 10 and the tools for agile working

20 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020