Impact
Adobe Acrobat PDF Extension for Chrome is affected by a UXSS‑style vulnerability that allows an attacker to read data from the victim’s session. The flaw can be triggered when a user visits a maliciously crafted URL or interacts with a compromised web page. The vulnerability bypasses same‑origin restrictions, enabling disclosure of sensitive session information and other confidential data. The impact is primarily the loss of confidentiality of user session data and the possibility of session hijacking or credential theft.
Affected Systems
Adobe Acrobat PDF Extension for Chrome, versions 26.5.2.2 and earlier, are impacted. Users who have installed or upgraded to any earlier build of the extension via the Chrome Web Store are at risk.
Risk and Exploitability
The CVSS score of 7.4 indicates a high severity, but the EPSS score of less than 1% points to a low likelihood of exploitation at present. The flaw is not listed in the CISA KEV catalog. Exploitation requires a user to visit a malicious or compromised web page, so the threat vector is primarily user interaction. Given the moderate severity and low exploit probability, the overall risk is elevated but unlikely to be widely abused without targeted phishing campaigns.
OpenCVE Enrichment