PT-2025-41313 · Google · Web Developer For Chrome
Published: 2025-10-08 · Updated: 2025-10-14
CVE-2017-20202
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Web Developer for Chrome versions prior to 0.5.0
Description
The Web Developer for Chrome extension contained malicious code that generated a domain using a domain generation algorithm (DGA) and retrieved a remote script. This script loaded modules that performed ad substitution, malvertising, redirection to affiliate programs via fake “repair” alerts, and attempted to steal credentials during user login. Injected components identified common banner sizes for ad replacement and redirected traffic to affiliate websites. Potential consequences included user-level code execution within the browser, large-scale ad fraud, traffic hijacking, credential theft, and exposure to further malicious payloads.
Recommendations
Update to Web Developer for Chrome version 0.5.0 or later.
Fix
RCE
Affected Products
Web Developer For Chrome