CVE-2017-20202
CVE-2017-20202 is a critical-severity vulnerability with a CVSS 4.0 base score of 9.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-506.
Key facts
- Severity: Critical (CVSS 4.0 base score 9.3)
- EPSS exploit prediction: 0% (39th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-33277
- Weakness: CWE-506
- Published:
- Last modified:
Description
Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, displayed fake “repair” alerts that redirected users to affiliate programs, and attempted to harvest credentials when users logged in. Injected components enumerate common banner sizes for substitution, replace third-party ad calls, and redirect victim traffic to affiliate landing pages. Potential impacts include user-level code execution in the browser context, large-scale ad fraud and traffic hijacking, credential theft, and exposure to additional payloads delivered by the actor. The compromise was reported on by the maintainer of Web Developer for Chrome on August 2, 2017 and remediated in v0.5.0.
Frequently asked questions
- What is CVE-2017-20202?
- Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, displayed fake “repair” alerts that redirected users to affiliate programs, and attempted to harvest credentials when users logged in. Injected components enumerate common banner sizes for substitution, replace third-party ad calls, and redirect victim traffic to affiliate landing pages. Potential impacts include user-level code execution in the browser context, large-scale ad fraud and traffic hijacking, credential theft, and exposure to additional payloads delivered by the actor. The compromise was reported on by the maintainer of Web Developer for Chrome on August 2, 2017 and remediated in v0.5.0.
- How severe is CVE-2017-20202?
- CVE-2017-20202 has a CVSS 4.0 base score of 9.3, rated critical severity.
- Is CVE-2017-20202 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (39th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2017-20202?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- Does CVE-2017-20202 have an EU (EUVD) identifier?
- Yes. CVE-2017-20202 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-33277.
- When was CVE-2017-20202 published?
- CVE-2017-20202 was published on 2025-10-08 and last updated on 2026-06-17.
References
- https://chromewebstore.google.com/detail/web-developer/bfbameneiokkgbdmiekhjnmfkcnldhhm?pli=1
- https://gist.github.com/piedpiperRichard/076516da60f45842f1a6e6ae35a9a240/
- https://ui.vision/blog/chrome-extension-adware/
- https://web.archive.org/web/20170803163618/https://chrispederick.com/blog/web-developer-for-chrome-compromised/
- https://www.proofpoint.com/us/threat-insight/post/threat-actor-goes-chrome-extension-hijacking-spree
- https://www.vulncheck.com/advisories/web-developer-for-chrome-malicious-backdoor-supply-chain-compromise
Other CWE-506 vulnerabilities
- CVE-2026-28353 — Critical (CVSS 10.0): Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version…
- CVE-2024-3094 — Critical (CVSS 10.0): Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of…
- CVE-2026-48027 — Critical (CVSS 9.8): Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was…
- CVE-2026-8398 — Critical (CVSS 9.8): A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421…
- CVE-2026-44484 — Critical (CVSS 9.8): PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have…
- CVE-2026-6443 — Critical (CVSS 9.8): All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to…