The latest update to Adobe Acrobat Reader has been revealed to install a Chrome extension with anonymous data collection activated by default.
Data Collecting Chrome Extension Installed By Adobe Reader Update
Adobe released a new security update for Adobe Reader, which is probably the most popular PDF document viewer. However, security experts were surprised to discover that in this iteration of the program Adobe has also bundled a new Adobe Acrobat extension that is automatically installed in the Google Chrome web browser. The disturbing fact is that there is no mention of this in the official changelog.
There are two security bulletins which detail various important fixes.
Adobe Security Bulletin APSB17-01
The patches that are part of this bundle were updated on January 10 and address vulnerabilities in the Adobe Acrobat and Reader software for both the Microsoft Windows and Mac OS X operating systems.
These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2017-2962).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-2950, CVE-2017-2951, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2961).
These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2942, CVE-2017-2945, CVE-2017-2946, CVE-2017-2949, CVE-2017-2959, CVE-2017-2966).
These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2948, CVE-2017-2952).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2943, CVE-2017-2944, CVE-2017-2953, CVE-2017-2954, CVE-2017-2960, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2967).
These updates resolve a security bypass vulnerability (CVE-2017-2947).
Adobe Security Bulletin APSB17-02
The second update bundle resolves 13 security issues in Adobe Flash Player for Windows, GNU/Linux distributions, Chrome OS and Mac OS X.
These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2017-2938).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937).
These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931).
The Data Collecting Chrome Extension Is Bundled In The Latest Adobe Reader Updates
Once users install the latest updates, they receive the new browser extension in their Google Chrome web browser. It is named Adobe Acrobat and is the same one that is available on the browser’s Web Store. Its description reads as follows:
Convert current web page to an Adobe PDF file (Windows only)
Convert web pages to PDF files
• THIS IS A WINDOWS ONLY EXTENSION
• Adobe Acrobat DC/Adobe Acrobat XI (11.0.09 or higher) must be installed on your machine
With the Adobe Acrobat extension for Chrome, it’s easy to convert web pages to rich, high-quality PDF files that maintain the look and feel of the original content.
• Easily turn web pages into PDF files that look just like the page you converted
• Quickly switch from viewing PDFs in Chrome to opening them in Acrobat on your desktop
• Explore Adobe Document Services to convert and combine files in your browser
Your use of this extension is governed by the Acrobat DC End User License Agreement (
The add-on enables anonymous usage data collection by default. The following information is collected:
- Browser type and version
- Adobe product information such as version
- Adobe feature usage such as menu options or buttons selected
Fortunately, when users open their Google Chrome browsers after the security update, they are presented with a pop-up that asks for their permission before the extension is activated.