Skip to main content

Posts

Showing posts with the label Nightwatch Cybersecurity Chrome for Android prior to version 70 are affected

Google Partially Patches Flaw in Chrome for Android 3 Years After Disclosure

Google Partially Patches Flaw in Chrome for Android 3 Years After Disclosure Google has finally patched a privacy vulnerability in its Chrome web browser for Android that exposes users' device model and firmware version, eventually enabling remote attackers to identify unpatched devices and exploit known vulnerabilities. The vulnerability, which has not yet given any CVE number, is an information disclosure bug that resides in the way the Google Chrome for Android generates 'User Agent' string containing the Android version number and build tag information, which includes device name and its firmware build. This information is also sent to applications using WebView and Chrome Tabs APIs, which can be used to track users and fingerprint devices on which they are running. For example:  Mozilla/5.0 (Linux; Android 5.1.1;  Nexus 6 Build/LYZ28K ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.34 Mobile Safari/537.36 Yakov Shafranovich