Google closes vulnerabilities in Chrome for Android

In the recently published version 18.0.1025308 its Chrome browser for Google Android 7 includes classified as moderate vulnerabilities. For each of the explorers got a reward of $ 500. The blog post describes the error only in general, and the bug database reveals nothing about her.

Two vulnerabilities affect cross-application scripting (UXSS), so use of weaknesses in the browser for a XSS attack (XSS). Appropriate URLs with the scheme "file" could apparently due to two further errors authentication data (credentials) to share, and a bug granted JavaScript code to access Android APIs.

UXSS a gap had been recently discovered in the desktop version of Chrome. In March 2012, Google paid the Pwnage participants Sergey Glazunov for a record bonus of $ 60,000.

In another blog post, the Chrome developers say that they have improved the security of the sandbox, and the browser is better protected against malicious web applications. The new function using the "technology of the user ID-isolation" and will be automatically enabled for users of Android 4.1. How does it work exactly, and whether they will be retrofitted to older versions of Android, is not given in the post.

No comments:

Post a Comment