Attackers are taking advantage of an unprotected vulnerability in the Google Chrome PDF reader to collect data about attacked systems. This concerns IP address, operating system used, Chrome version and the full path of the PDF file on the computer.
Malicious PDF files
That is what security firm EdgeSpot reports. Malicious PDF files that abuse the vulnerability have been identified since December. Once Chrome users open the PDF files with the browser, information about the system is sent to a server.
Google has been warned
EdgeSpot warned Google at the end of December. In February, the internet giant announced that it will issue a security update for the browser at the end of April. Because of the potential risk for Chrome users, the security company has decided to publish details already.
What to do
Chrome users are advised to use an alternative PDF reader or disconnect the computer from the internet if PDF documents are opened.
Change your settings
Settings -> Advanced -> Privacy and Security -> Content Settings -> PDF Documents -> Download PDF files instead of automatically opening them in Chrome