Sunday, March 24, 2019
Home / Security / Exploits / Android Chrome Vulnerabilities fixed in this weeks updates

Android Chrome Vulnerabilities fixed in this weeks updates

Google has released a security update for its Chrome browser on Android devices, solving seven medium-risk vulnerabilities and paying out a overall of $3,500 in rewards to two researchers.

The update repairs two medium-rated bugs reported by Artem Chaykin for which he obtained a sum of $1,000 in rewards. The first fixes an issue with data and credential disclosure by file:// URLs and the second resolves a problem with current-tab cross-application scripting (UXSS).

Google pushed these updates on the same day that Jon Oberheide of Duo Security published a blog post showing the findings of their X-Ray projects, which revealed that more than half of Android devices contain vulnerabilities that could be exploited by attackers to take complete control of user’s devices.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [$500] [138210Medium Information and credential disclosure by file:// URLs. Credit to Artem Chaykin.
  • [$500] [138035Medium Current-tab cross-application scripting (UXSS). Credit to Artem Chaykin.
  • [$500] [144813Medium UXSS via Intent extra data. Credit to Takeshi Terada.
  • [$500] [144820Medium Information and credential disclosure by file:// URLs. Credit to Takeshi Terada.
  • [$500] [137532Medium Android APIs exposed to JavaScript. Credit to Takeshi Terada.
  • [$500] [144866Medium Bypassing same-origin policy for local files with symlinks. Credit to Takeshi Terada.
  • [$500] [141889Medium Cookie theft by malicious local Android app. Credit to Takeshi Terada.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Silent OS 3.0 for Blackphone Completely revamped

Version 3.0 migrates Silent OS to Android Marshmallow 6.0.1 and delivers the Android safety patch …