Backdoor in Social Fixer (Chrome extension) - #VU7959
Published: August 16, 2017 / Updated: November 22, 2018
Vulnerability identifier: #VU7959
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: N/A
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Social Fixer
Affected software:
Social Fixer (Chrome extension)
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to the victim's browser.
The vulnerability exists due to the presence of backdoor code in the Social Fixer Google Chrome extension 20.1.1, distributed via Google Web Store.
Remediation
Update to version 20.2.0 or later.