Main Vulnerability Database Vulnerabilities #VU7955

#VU7955 Backdoor in Web Developer (Chrome extension)

Published: August 16, 2017 / Updated: November 22, 2018

Vulnerability identifier: #VU7955

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: N/A

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Web Developer (Chrome extension)

Software vendor:
Chris Pederick

Description

The vulnerability allows a remote attacker to gain unauthorized access to victim's browser.

The vulnerability exists due to presence of backdoor code in Web Development Google Chrome extension 0.4.9, distributed via Google Web Store.

Remediation

Update to version 0.5.

External links

http://chrispederick.com/blog/web-developer-for-chrome-compromised/

#VU7955 Backdoor in Web Developer (Chrome extension)

Description

Remediation

External links

Please verify you're human