A critical vulnerability in Cisco WebEx browser extensions that could allow unauthenticated remote code-execution (RCE) on targeted machines is being actively exploited in the wild. The issue (CVE-2017-3823) can be easily exploited as well: An attacker needs only to convince an affected user to visit a booby-trapped web page or follow an attacker-supplied link with an affected browser. The vulnerability is due to a design defect in an application programing interface (API) response parsing within the plugin.
Source: https://threatpost.com/cisco-webex-browser-bug/143285/