Ramblings of an old Doc

 

January saw Adobe update its extension on Chrome browser systems. It did this silently alongside its "Adobe Acrobat Reader DC" software.

No one saw this in the changelog, nor was there a "Do not install the extension" choice. Supposedly users got a Chrome notification after they opened the browser to enable it or delete it after the update. I don't remember any notification. 

When I checked my extensions, it was there, but not enabled. I've done away with it.

The extension is not secure and just adds more vulnerabilities to the browser, so I suggest you give it the heave-ho as well.

There are a few things you can do about this, per gHacks:

  1. Do nothing. Not recommended.
  2. Remove all Adobe products from your computer systems. If you don't rely on them, this is the best and only option to ensure that Adobe won't push another extension to your systems in the future.
  3. Blacklist the Chrome extension using Chrome policies for devices. The extension ID is efaidnbmnnnibpcajpcglclefindmkaj, and you find the option to do so in the Group Policy under Computer > Policies > Administrative Templates > Google > Google Chrome > Extensions > Configured extension blacklist. Blacklisting won't prevent Adobe from pushing other extensions to systems though.

Source:

http://www.ghacks.net/2017/01/21/adobe-pushed-insecure-adobe-acrobat-extension-to-chrome-systems/?_m=3n%2e0038%2e1961%2ehj0ao01hy5%2e21ih



Comments
on Jan 21, 2017

Adobe issued a patch 2 days ago that fixed the vulnerability.

Simple matter to update the extension: https://helpx.adobe.com/security/products/acrobat/apsb17-03.html

Once updated, the 'safe' version should be listed as 15.1.0.4.

Fortunate for me, as I use it every day in my work.

on Jan 21, 2017

Looks like Adobe may also have silently updated the extension.  Went to update it in my other rig and 15.1.0.4 was already there.

As always, thanks again for the heads up, Doc.

on Jan 21, 2017

SIlent updates are "wrong"...especially without choice or changelogs.

Unfortunately they'll probably repeat this in the future...

on Jan 21, 2017

Wrong, but becoming a fact of life, particularly with Win10.  I'm with you on that score.  Gates no doubt thought he was creating something cool, something that would liberate people and open vistas of knowledge & productivity unheard of before (which was true), only to now see it become increasingly a tool of control.

on Jan 21, 2017

Only extension on mine is adblock. Did away with all the other ones that were bundled with Chrome's latest update. five of them to be exact.

on Jan 23, 2017

no idea why anyone needs acrobat readers these days.. even browsers read pdf by default (via javascript).. heck.. you can even set a default browser to read pdf (eg.. use edge to read pdf and nothing else)

on Jan 23, 2017

alaknebs

no idea why anyone needs acrobat readers these days.. even browsers read pdf by default (via javascript).. heck.. you can even set a default browser to read pdf (eg.. use edge to read pdf and nothing else)

True, but when you get companies who get in cahoots with each other, with a scratch my back I'll scratch yours situation, users are often left without a choice, with the unwanted/unneeded this or that being downloaded without the users consent or knowledge.  

For mine, there should be an enforcable law against it... but I won't hold my breath.

on Jan 23, 2017

alaknebs

no idea why anyone needs acrobat readers these days..

Depends.

Reader DC is much more than a 'reader' these days, thanks to the highly useful editing functions now built in, particularly the 'Fill & Sign' feature.  I use it every day in the course of my work.  Can't do most of what Acrobat can do, but I now need to resort to Acrobat infrequently.

Very useful in handling personal PDF documents which arrive via email that require editing &/or signatures & email return - never needs to hit actual paper.

So, it's quite handy in the right setting.

 

Meta
Views
» 7447
Comments
» 8
Sponsored Links