Backdoor in Web Developer Google Chrome extension

Published: 2017-08-16 16:28:47
Severity: Critical
Patch available: YES
Number of vulnerabilities: 1
CVSSv2: 8.7 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
CVSSv3: 9.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE ID: N/A
CWE ID: N/A
Exploitation vector: Network
Public exploit: This vulnerability is being exploited in the wild.
Vulnerable software: Web Developer (Chrome extension)
Vulnerable software versions: Web Developer (Chrome extension) 0.4.9
Vendor URL: Chris Pederick
Advisory type: Public

Security Advisory

1) Backdoor

Description

The vulnerability allows a remote attacker to gain unauthorized access to the victim's browser.

The vulnerability exists due to the presence of backdoor code in version 0.4.9 of the Web Developer Google Chrome extension, distributed via Google Web Store.


Remediation

Update to version 0.5.
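
To confirm that no copy of the affected build remains on disk, the following added example (not part of the original advisory or the extension's code) scans a Chrome profile's Extensions directory for a manifest named "Web Developer" at version 0.4.9. The `<id>/<version dir>/manifest.json` layout, the function names and the sample tree are assumptions made for illustration; matching is by display name because the advisory does not list an extension ID.

```python
import json
import tempfile
from pathlib import Path

AFFECTED = ("Web Developer", "0.4.9")  # name and backdoored version, per the advisory

def display_name(ext_dir, manifest):
    """Resolve the manifest name, following a __MSG_key__ locale placeholder."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    locale = str(manifest.get("default_locale", "en"))
    path = ext_dir / "_locales" / locale / "messages.json"
    try:
        msgs = json.loads(path.read_text(encoding="utf-8-sig"))
        entry = {k.lower(): v for k, v in msgs.items()}[name[6:-2].lower()]
        return str(entry["message"])
    except (OSError, ValueError, KeyError, TypeError, AttributeError):
        return name  # unresolved placeholder never equals the advisory name

def find_affected(extensions_root):
    """Return (extension_id, version_dir) pairs; assumes <id>/<version dir>/manifest.json."""
    hits = []
    for path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, keep auditing
        if isinstance(manifest, dict) and (
                display_name(path.parent, manifest), manifest.get("version")) == AFFECTED:
            hits.append((path.parent.parent.name, path.parent.name))
    return hits

def build_sample(root):
    """Constructed sample tree: one affected install, one fixed, one unrelated."""
    for ext_id, version, name in [("sample-id-a", "0.4.9", "__MSG_extensionName__"),
                                  ("sample-id-b", "0.5", "Web Developer"),
                                  ("sample-id-c", "0.4.9", "Unrelated Tool")]:
        loc = Path(root) / ext_id / (version + "_0") / "_locales" / "en"
        loc.mkdir(parents=True)
        (loc / "messages.json").write_text(
            json.dumps({"extensionName": {"message": "Web Developer"}}))
        (loc.parent.parent / "manifest.json").write_text(
            json.dumps({"name": name, "version": version, "default_locale": "en"}))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_affected(build_sample(tmp)))
```

Run `find_affected` against each browser profile's Extensions directory; any hit means version 0.4.9 is still installed and the update to 0.5 has not been applied there.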

External links

http://chrispederick.com/blog/web-developer-for-chrome-compromised/
