Security flaw quietly patched by Google in January

Mar 22, 2019 07:31 GMT

A security vulnerability in Google’s Chromium allows hackers to reach personal data stored on Android devices.

Discovered by Positive Technologies researcher Sergey Toshin in December, the vulnerability was reported to Google in January, with a patch already available for Android users.

Google, however, has barely mentioned the flaw in the release notes of its January update, explaining that it resolved a high-severity vulnerability documented in CVE-2019-5765 and described as an insufficient policy enforcement in the browser.

But according to Positive Technologies, because the WebView component is the one affected by the flaw, any Android release since version 4.4 is exposed to hackers. And since the affected engine is Chromium, it’s not just the Google Chrome browser that could allow hackers to break into Android devices, but every other application using the same engine.

No signs of active exploits so far

“The WebView component is used in most Android mobile apps, which makes such attacks extremely dangerous. The most obvious attack scenario involves little-known third-party applications. After an update containing a malicious payload, such applications could read information from WebView. This enables access to browser history, authentication tokens and headers (which are commonly used for login in mobile apps), and other important data,” Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies, explained.

Needless to say, users need to update to the latest version of Google Chrome and the other applications installed on their devices that use the same engine and the WebView component.

There’s no information right now as to whether the bug was actively exploited by hackers or not, but given that it’s now making the headlines, the risks of being targeted due to running an older version of Google Chrome are much higher.
