Researchers have discovered a critical vulnerability in Google’s Chromium browser that could be used to steal personal data. Positive Technologies researcher Sergey Toshin uncovered the bug last December and disclosed it to Google in January, which patched the bug a few weeks later. There’s no sign that it was actively exploited, but given the broad reach of the vulnerability, it’s difficult to be sure.
The bug was briefly disclosed in Google’s patch notes from January, described only as a high-severity vulnerability with “insufficient policy enforcement.” After a new report from Positive Technologies, we now know that the bug affected Android’s WebView component, which is commonly used to display pages inside Android apps. More broadly,…
from The Verge – All Posts https://ift.tt/2CpJKlN