Backdoor in Web Paint Google Chrome extension

Published: 2017-08-16

Risk	Critical
Patch available	YES
Number of vulnerabilities	1
CVE-ID	N/A
CWE-ID	CWE-798
Exploitation vector	Network
Public exploit	This vulnerability is being exploited in the wild.
Vulnerable software	Web Paint (Chrome extension) Client/Desktop applications / Plugins for browsers, ActiveX components
Vendor	liang.zhou2276

Security Bulletin

This security bulletin contains one critical risk vulnerability.

1) Backdoor

EUVDB-ID: #VU7958

Risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: N/A

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to victim's browser.

The vulnerability exists due to presence of backdoor code in Web Paint Google Chrome extension 1.2.1, distributed via Google Web Store.

Mitigation

Update to version 1.2.2 or later.

Vulnerable software versions

Web Paint (Chrome extension): 1.2.1

CPE2.3

cpe:2.3:a:liang_zhou2276:web_paint_chrome_extension:1.2.1:*:*:*:*:google_chrome:*:*

External links

https://www.proofpoint.com/us/threat-insight/post/threat-actor-goes-chrome-extension-hijacking-spree

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.