Update your phone. Just in case.
With more than 2 billion users, Android has a staggering number of devices to protect. But a "high-severity" bug that went undetected for more than five years—that attackers could exploit to spy on a user and gain access to their accounts—serves as a reminder that Android's impressive open source reach also creates challenges for defending a decentralized ecosystem.
Discovered by Sergey Toshin, a mobile security researcher at the threat detection firm Positive Technologies, the bug originated in Chromium, the open-source project that underlies Chrome and many other browsers. As a result, an attacker could target not only mobile Chrome, but other popular mobile browsers built on Chromium. Even more specifically, Chromium powers an Android has a feature ...
Positive Technologies disclosed the bug to Google in January, and the company patched it as part of Chrome 72 at the end of that month. Devices running Android 7 or later should be able to get the update through general Chrome updates, but devices running versions of Android 5 and 6 will need to install a special update for WebView through Google
Full article - wired.com