Cisco Jabber is an instant messaging and web conferencing desktop app built using the Chromium Embedded Framework (CEF) A new critical severity remote code execution (RCE) vulnerability was found by researchers at Watchcom who reported it to Cisco after checking if the September patch fully mitigated. Watchcom’s researchers also spotted a second bug (CVE-2020-27132), a password hash stealing information disclosure vulnerability that can allow attackers to harvest NTLM password hashes from targets.
Source: https://www.bleepingcomputer.com/news/security/cisco-fixes-new-critical-code-execution-bug-in-jabber-for-windows/