A new found vulnerability in Google’s Chromium based browser could allow hackers to steal sensitive data. The vulnerability was first discovered by the researchers at Positive Technologies.
Sergey Toshin, the researcher who first uncovered the bug alerted Google back in January of 2019. Google was quick enough to fix the bug in January itself. Two months after the fix was released, Positive Technologies have now released a repot describing the bug in detail and how it impacts the users. The bug affected Android’s WebView component, which is commonly used to display pages inside Android app.
After an update containing a malicious payload, such applications could read information from WebView. This enables access to browser history, authentication tokens commonly used for login in mobile apps, and other important data.
– Positive Technologies
Google has already released a patch for everyone using devices running Android 7.0 and above. For the rest, Google patched the WebView directly through a Store update.
Via: The Verge