Backdoor in Web Developer (Chrome extension) - #VU7955

Vulnerability identifier: #VU7955

CSH Severity: Critical

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: N/A

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Chris Pederick

Affected software:
Web Developer (Chrome extension)

The vulnerability allows a remote attacker to gain unauthorized access to victim's browser.

The vulnerability exists due to presence of backdoor code in Web Development Google Chrome extension 0.4.9, distributed via Google Web Store.

Update to version 0.5.

• http://chrispederick.com/blog/web-developer-for-chrome-compromised/