Android Browser flaw gives scripts access to passwords, cookies and more

Scorpus

Staff member

A vulnerability has been found in the Android Browser that could potentially have serious privacy implications for its users. If the flaw in the browser is exploited correctly, a malicious third party could gain access to passwords, cookies, keyboard input, and more with a simple JavaScript injection.

The flaw involves the Android Browser's Same Origin Policy, which should prevent one website from gaining access to content from another website. As the researcher who discovered the bug, Rafay Baloch, has shown, if you craft your JavaScript code in a particular way, the Same Origin Policy can be bypassed entirely, giving the code free rein over content that belongs to other sites open in the browser.
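To make concrete what the Same Origin Policy is supposed to enforce, here is an added example (not from the article or from Baloch's research) of the origin comparison a conforming browser performs before letting a script read another document's DOM, cookies or form fields. It uses only Node's built-in WHATWG URL class; the function names, the default-port table and the test URLs are all constructed for illustration.

```javascript
// Added example, not part of the original article: the origin check
// behind the Same Origin Policy. Two URLs share an origin only when
// scheme, host and port all match; anything else is cross-origin and a
// script must not be allowed to read the other document.

// Default ports per scheme, so http://a.example and http://a.example:80
// compare equal (the WHATWG URL parser already strips the default port,
// but filling it in makes the comparison explicit and robust).
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Serialise the origin of a URL as "scheme://host:port".
function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return `${u.protocol}//${u.hostname.toLowerCase()}:${port}`;
}

// The policy's core predicate: same scheme, host and port.
function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// May a script running in a document from `scriptUrl` read a document
// loaded from `targetUrl` (e.g. an iframe's contentDocument)? A correct
// browser answers "yes" only when the two are same-origin.
function scriptMayRead(scriptUrl, targetUrl) {
  return sameOrigin(scriptUrl, targetUrl);
}

// Constructed cases: [script origin, target origin, expected answer].
const CASES = [
  ['http://bank.example/login', 'http://bank.example/account', true],  // same site, different path
  ['http://bank.example', 'http://bank.example:80/x', true],            // explicit default port
  ['https://bank.example', 'http://bank.example', false],               // scheme differs
  ['http://bank.example', 'http://evil.example', false],                // host differs
  ['http://bank.example', 'http://login.bank.example', false],          // subdomain differs
  ['http://bank.example', 'http://bank.example:8080', false],           // port differs
];

// Evaluate every case; each result records what the policy decided.
function runCases() {
  return CASES.map(([script, target, expected]) => ({
    script, target, expected, got: scriptMayRead(script, target),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const r of runCases()) {
    const verdict = r.got ? 'allowed' : 'blocked';
    console.log(`${r.got === r.expected ? 'ok ' : 'BAD'} ${r.script} -> ${r.target}: ${verdict}`);
  }
}
```

A browser with a working policy blocks every cross-origin row above; the bug described in the article is that the Android Browser could be made to answer "allowed" for a cross-origin target, which is why a script on an attacker's page could read cookies and form input belonging to another site.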

The vulnerability was initially reported to Google by Baloch, who was told that they couldn't reproduce the issue. However, Google has since begun listening after reports of the issue became more widespread, and currently they say they're working on a solution.

The Android Browser is a discontinued browser that forms part of the AOSP software package which is included with many smartphones. While the browser used to be the default in Android, since Android 4.2 Google has shipped Chrome as the default instead, and Chrome is not vulnerable in the same manner. In Android 4.4 the last remaining portion of the Android Browser, the WebView component that apps use to embed web pages, was replaced with a Chromium-based one.

Despite the switch to Chrome, around half of the total Android user base still uses the Android Browser for one reason or another. Although Google is developing a fix to the problem, Android updates are typically quite slow at reaching all the necessary users, so many people could remain vulnerable for the foreseeable future.

If you're an Android user currently using the Android Browser, we recommend switching to an alternate browser to keep safe, such as Chrome (the Android default) or others like Firefox and Opera.


 
I find using any web browser a pain in the butt on mobile devices. Fortunately I now spend most of my time at home so mobile browsing is unimportant to me but when I do occasionally use it, it's Chrome by default.
 
"I find using any web browser a pain in the butt on mobile devices. Fortunately I now spend most of my time at home so mobile browsing is unimportant to me but when I do occasionally use it, it's Chrome by default."

Chrome?!! How do you cope? I'm not saying jump on board with IE, which is actually not that bad of a browser, but seriously?
 
I use Opera on my phone which works well for me. I don't care for Chrome on the phone. I never used their built in browser, it is far too basic for me. However for the average phone user, that is some scary stuff right there. Another reason they should have a basic phone to begin with. Smart phones are overkill for most users, but heavy advertising, carriers removing basic phones from inventory in order to sell more smart phones, and shiny red ball syndrome have made it so pretty much everyone has a smart phone whether they can use it or not.
 
Wow, some guests are not very bright! This is about Android, IE has not been ported, nor should it be.
 
"Wow, some guests are not very bright! This is about Android, IE has not been ported, nor should it be."

At least we now know some guest personalities are brighter than others.
Oops, my bad. Would pay to read all the way through a statement before commenting, so I'll be the bigger individual here and apologise about deviating from the topic of mobile browsers as I was under the impression he was talking about the desktop client. However, in light of our esteemed co-commenters and their shallow attempts at insults and what I assume to be humour, I shall simply state, "go get a life". Whatever your issues with IE, there is no need to be an a5s about it. The browser is as capable as any out there, mobile included, and I truly do hope it will be ported one day but those with the giant chip on their shoulder seem to outnumber those that don't so it will probably never happen. I still pity you for using that crappy browser Chrome, in whatever incarnation you chose to use it in, but that's just my opinion and you are of course entitled to yours.
 
"While the browser used to be the default in Android, since Android 4.2 Google has switched to Chrome, which is not vulnerable in the same manner. In Android 4.4 the last remaining portions of the Android Browser (embedded webpages in apps) were removed in favor of Chrome.

Despite the switch to Chrome, around half of the total Android user base still uses the Android Browser for one reason or another."

Half of all Android users don't know how to update their phones to the latest OS???
 