Cisco Talos researchers spotted a vulnerability in PDFium, Google Chrome's default PDF reader, that could allow an attacker to gain arbitrary code execution.

The bug was caused by a heap buffer overflow vulnerability in the jpeg2000 image parser library used by PDFium, Cisco Talos threat researcher Earl Carter said in a June 8 blog post.

An attacker could have exploited the vulnerability if a user viewed a PDF document that included an embedded jpeg2000 image, the post said.

“The most effective attack vector is for the threat actor to place a malicious PDF file on a website and then redirect victims to the website using either phishing emails or even malvertising,” Carter told SCMagazine via emailed comments.

Researchers promptly notified Google and a patch was released on May 25. Chrome automatically updates itself and users only need to ensure they have restarted their browser since the release of the patch.