An Android Vulnerability Went Unfixed for Over Five Years

Update your phone. Just in case.

By the way, you can also use Bromite (Bromite.org) as your system WebView. And don't use the Chrome browser, Samsung's browser, etc. Use Fennec, Firefox Klar or other ones. Both are available on F-Droid.

 

With more than 2 billion users, Android has a staggering number of devices to protect. But a "high-severity" bug that went undetected for more than five years—that attackers could exploit to spy on a user and gain access to their accounts—serves as a reminder that Android's impressive open source reach also creates challenges for defending a decentralized ecosystem.

Discovered by Sergey Toshin, a mobile security researcher at the threat detection firm Positive Technologies, the bug originated in Chromium, the open-source project that underlies Chrome and many other browsers. As a result, an attacker could target not only mobile Chrome, but other popular mobile browsers built on Chromium. Even more specifically, Chromium powers an Android has a feature ...

Positive Technologies disclosed the bug to Google in January, and the company patched it as part of Chrome 72 at the end of that month. Devices running Android 7 or later should be able to get the update through general Chrome updates, but devices running versions of Android 5 and 6 will need to install a special update for WebView through Google

 

Full article - wired.com

 
