Computer Security
[EN] securityvulns.ru no-pyccku


Google Chrome for Android multiple security vulnerabilities
Published:10.01.2013
Source:
SecurityVulns ID:12820
Type:library
Threat Level:
5/10
Description:Multiple protection bypass and privilege escalation vulnerabilities.
Affected:GOOGLE : Chrome 18.0
CVE:CVE-2012-4909 (Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.)
 CVE-2012-4908 (Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.)
 CVE-2012-4907 (Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.)
 CVE-2012-4906 (Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.)
 CVE-2012-4905 (Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS).")
Original documentdocumentmbsdtest01_(at)_gmail.com, Chrome for Android - Cookie theft from Chrome by malicious Android app (10.01.2013)
 documentmbsdtest01_(at)_gmail.com, Chrome for Android - Bypassing SOP for Local Files By Symlinks (10.01.2013)
 documentmbsdtest01_(at)_gmail.com, Chrome for Android - Android APIs exposed to JavaScript (10.01.2013)
 documentmbsdtest01_(at)_gmail.com, Chrome for Android - Download Function Information Disclosure (10.01.2013)
 documentmbsdtest01_(at)_gmail.com, Chrome for Android - UXSS via com.android.browser.application_id Intent extra (10.01.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod