Main Vulnerability Database Vulnerabilities #VU7959

#VU7959 Backdoor in Social Fixer (Chrome extension)

Published: August 16, 2017 / Updated: November 22, 2018

Vulnerability identifier: #VU7959

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: N/A

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Social Fixer (Chrome extension)

Software vendor:
Social Fixer

Description

The vulnerability allows a remote attacker to gain unauthorized access to victim's browser.

The vulnerability exists due to presence of backdoor code in Social Fixer Google Chrome extension 20.1.1, distributed via Google Web Store.

Remediation

Update to version 20.2.0 or later.

External links

https://www.proofpoint.com/us/threat-insight/post/threat-actor-goes-chrome-extension-hijacking-spree
https://www.facebook.com/socialfixer/posts/10155117415829342

#VU7959 Backdoor in Social Fixer (Chrome extension)

Description

Remediation

External links

Please verify you're human