The Broadband Guide
search advanced
 forgot password?

Android Browser Bug Puts Privacy at Risk

2014-09-18 09:18 by
Tags: ,


A potentially serious security flaw has been discovered in the default Android Browser, and could allow a user to bypass the Same Origin Policy (SOP) security measures. The vulnerability affects devices that run Android versions older than 4.4 or roughly 40 to 50% of all Android users.

The issue is a universal cross-site scripting flaw that stems from how the browser handles javascript: strings preceded by a null byte character. When encountering such a string, the browser fails to enforce the same-origin policy, a security control that prevents scripts running in the context of one site from interacting with the content of other websites.

The bug reads cookies and password fields, and can extract a wealth of personal information, and easily interfere with other sites' content. Google said it is working on the problem, but when, or how, a fix will be made remains unclear. Any updates to the app, which comes bundled with older Android phones, must be done through operating system updates - so the availability of the fix may be hindered upon its initial release.

At the moment, users can protect themselves by dropping the Android browser and start using an alternative one that is sure not to be based on the same code: Firefox, Opera and Chrome.

Read more -here-


  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About