Insufficient validation of untrusted input in Intents in Google Chrome on Android before 95.0.4638.69 allowed a remote malicious user to arbitrarily browser to a malicious URL via a crafted HTML page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |
||
fedoraproject fedora 34 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Or so says Google after tracking 30+ vendors peddling surveillance malware
Spyware vendor Cytrox sold zero-day exploits to government-backed snoops who used them to deploy the firm's Predator spyware in at least three campaigns in 2021, according to Google's Threat Analysis Group (TAG). The Predator campaigns relied on four vulnerabilities in Chrome (CVE-2021-37973, CVE-2021-37976, CVE-2021-38000 and CVE-2021-38003) and one in Android (CVE-2021-1048) to infect devices with the surveillance-ware. Based on CitizenLab's analysis of Predator spyware, Google's bug hun...