VDB
GCVE-110-OSM-2026-5220
GCVE-110-OSM-2026-5220
Advisory PublishedCVSS 9.6/10
Typosquatting attack. Similar to popular package: unknown. Behaviors: data exfiltration, code execution, obfuscated code.
Entrypoint: lib/puppeteer/puppeteer-core.js (main: ./lib/puppeteer/puppeteer-core.js)
Exfil: https://source.chromium.org/chromium/chromium/src/+/main:components/autofill/core/browser/field_types.cc (custom-c2, recovery: plaintext in lib/es5-iife/puppeteer-core-browser.d.ts)
Payload: lib/es5-iife/puppeteer-core-browser.js
Secondary files: lib/es5-iife/puppeteer-core-browser.d.ts, lib/types.d.ts
Key findings:
- Global Variable Shadowing in lib/es5-iife/puppeteer-core-browser.js: "const module = {"
- Global Variable Shadowing in lib/puppeteer/common/ScriptInjector.js: "const module = {"
- Corporate Environment Targeting in src/cdp/EmulationManager.ts: "tMostOnceForArguments
async #emulateIdleState(
client: CDPSession,
idl..."
- Global Variable Shadowing in src/common/ScriptInjector.ts: "const module = {"
- Startup Persistence in lib/es5-iife/puppeteer-core-browser.d.ts: ".Profile"
IOCs:
- ipv4: 7.2.1.0
- urls: https://chromedevtools.github.io/devtools-protocol/, https://pptr.dev/webdriver-bidi, https://pptr.dev/docs, https://pptr.dev/api, https://pptr.dev/contributing (+45 more)
- domains: chromedevtools.github.io, pptr.dev, developer.chrome.com, source.chromium.org, webbluetoothcg.github.io (+21 more)
- payloadFileHash: d9738a593fe5cb3054993db7158a3dca453856dcd5fdbfcf1e7c53e13f4bf17f
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | puppeteer-core | 25.1.0 (affected) | — |
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.