News

Leak in Chromium allowed access to private data via WebView on Android

By admin
Spread the love

There is a vulnerability in Chromium up to version 72 that could allow attackers on Android smartphones to access certain data, such as authentication tokens. The vulnerability can be exploited via Instant Apps.

In addition to authentication tokens, the leak also gave access to browsing history, security firm Positive Technologies told Venturebeat. The company doesn’t provide a roadmap for how malicious people can exploit the vulnerability, but it appears developers could include a payload with an Instant App on Android, which users open by clicking a link.

Google described the leak in a changelog as “inadequate enforcement of policy.” The leak is in Chromium, the engine for WebView in Android. A fix is ​​included from Chromium version 73. Updates for Android devices come automatically through the Play Store. For Android devices without Google, this must come from the manufacturer or via sideloading. It is unknown whether malicious parties have exploited the vulnerability.

Since it is a leak in Chromium, some other browsers were also affected, such as Yandex browser and Samsung Internet browser. The vulnerability is known as CVE-2019-5765.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Nvidia releases GeForce RTX 4060 Ti variant with 16GB memory