Android Browser Bug Puts Privacy at Risk

A potentially serious security flaw has been discovered in the default Android Browser, and could allow a user to bypass the Same Origin Policy (SOP) security measures. The vulnerability affects devices that run Android versions older than 4.4 or roughly 40 to 50% of all Android users.

The issue is a universal cross-site scripting flaw that stems from how the browser handles javascript: strings preceded by a null byte character. When encountering such a string, the browser fails to enforce the same-origin policy, a security control that prevents scripts running in the context of one site from interacting with the content of other websites.

The bug reads cookies and password fields, and can extract a wealth of personal information, and easily interfere with other sites' content. Google said it is working on the problem, but when, or how, a fix will be made remains unclear. Any updates to the app, which comes bundled with older Android phones, must be done through operating system updates - so the availability of the fix may be hindered upon its initial release.

At the moment, users can protect themselves by dropping the Android browser and start using an alternative one that is sure not to be based on the same code: Firefox, Opera and Chrome.

Read more -here-

• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data
• Federal regulators accuse Amazon executives of deleting messages
• FCC restores net neutrality rules