An exposed debugging endpoint in the browser in Google Chrome on Android before 72.0.3626.81 allowed a local malicious user to obtain potentially sensitive information from process memory via a crafted Intent.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |
||
redhat enterprise linux desktop 6.0 |
||
redhat enterprise linux server 6.0 |
||
redhat enterprise linux workstation 6.0 |
||
debian debian linux 9.0 |
||
fedoraproject fedora 29 |
||
fedoraproject fedora 30 |
Kit-Kat API whacked, don't give hackers your phone. This WebView came rolling home Google takes a page from Microsoft of old and revives browser ballot on Android
Smartphones and other gadgets running Android 4.4 or later contain a bug that can be exploited by rogue apps to steal website login tokens and spy on owners' browsing histories. Those stolen authentication tokens can be used by a malicious application, such as a dodgy quiz app or game, to log into sites as the gizmo's owner to siphon off their information or meddle with their online accounts. This is according to Sergey Toshin of security house Positive Technologies, who took credit for the disc...