CVE-2017-20202
BaseFortify

Publication date: 2025-10-08

Last updated on: 2025-10-14

Assigner: VulnCheck

Description
Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, displayed fake “repair” alerts that redirected users to affiliate programs, and attempted to harvest credentials when users logged in. Injected components enumerate common banner sizes for substitution, replace third-party ad calls, and redirect victim traffic to affiliate landing pages. Potential impacts include user-level code execution in the browser context, large-scale ad fraud and traffic hijacking, credential theft, and exposure to additional payloads delivered by the actor. The compromise was reported on by the maintainer of Web Developer for Chrome on August 2, 2017 and remediated in v0.5.0.
Meta Information
Published: 2025-10-08
Last Modified: 2025-10-14
Generated: 2026-06-16
AI Q&A: 2025-10-09
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
copyfish copyfish 2.8.5
chrome web_developer 0.4.9
CWE ID Description
CWE-506 The product contains code that appears to be malicious in nature.
Executive Summary

The vulnerability in Web Developer for Chrome v0.4.9 involved malicious code that generated domains via a Domain Generation Algorithm (DGA) to fetch remote scripts. These scripts conditionally loaded additional modules that performed extensive ad substitution and malvertising, displayed fake repair alerts redirecting users to affiliate programs, and attempted to steal user credentials during login. The injected components replaced third-party ads with fraudulent ones and redirected victim traffic to affiliate landing pages. This allowed the attacker to execute code in the browser context and carry out large-scale ad fraud and credential theft.

Impact Analysis

This vulnerability can impact users by enabling user-level code execution within the browser, leading to large-scale ad fraud and traffic hijacking. It can also result in credential theft when users log in, exposure to additional malicious payloads, and redirection to fraudulent affiliate landing pages. Overall, it compromises user security and privacy.

Mitigation Strategies

Update the Web Developer for Chrome extension to version 0.5.0 or later, as the vulnerability was remediated in that version. Additionally, remove or disable the compromised version 0.4.9 to prevent malicious code execution and associated impacts such as ad fraud, credential theft, and traffic hijacking.
