Suspicious activity by certain PDF file samples was recorded and reported to Google by EdgeSpot, a free online service for “detecting known and unknown exploits.”
EdgeSpot’s engine found PDF files that were used by senders to track the users and collect their information, once they opened the files via Google Chrome’s PDF viewer.
EdgeSpot followed the traffic in the background, when one of suspicious files was opened using Google Chrome, to note that outbound traffic was sent to the domain “readnotify.com” without the user’s approval.
Personal information, such as the user’s public IP address, the full path of the PDF file on the user’s computer and the details of the user’s Operating System, gets shared with the domain.
“We wanted to clarify that 1) The issue/bug described here does NOT allow remote code execute, nor it allows to steal arbitrary data from the user 2) the issue/bug only affects users who use Chrome as local PDF viewer (for those who concern about their privacy). If you use Chrome for Internet browsing (not for local PDF viewer), there’s really nothing to worry about,” EdgeSpot explained.
Certain categories of affected filed were defined by EdgeSpot and reported to Google. Meanwhile, the service suggested alternative ways for users to work with PDF files, including avoiding Google Chrome PDF viewer, using other PDF reader applications, or simply disconnecting from the Internet while working with the files.