TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Idaho hospitals working to resume full operations after cyberattack

    June 4, 2023

    Phishing remained the top identity abuser in 2022: IDSA report

    June 3, 2023

    Hackers exploit bug in Elementor Pro WordPress plugin

    June 2, 2023
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      Walmart’s taking a rare $20 off of a set of four AirTags

      June 1, 2023

      The M1 Pro 16-inch MacBook Pro with 1TB of storage is $800 off today

      May 22, 2023

      Google, how do I ask your AI the right questions?

      May 14, 2023

      Where to preorder The Legend of Zelda: Tears of the Kingdom

      May 6, 2023

      ChatGPT returns to Italy after ban

      April 28, 2023
    • Business
    • Cyber Security

      Hackers exploit bug in Elementor Pro WordPress plugin

      June 2, 2023

      15 million public-facing services vulnerable to CISA KEV flaws

      May 23, 2023

      HP to patch critical bug in LaserJet printers within 90 days

      May 15, 2023

      Hackers can open Nexx garage doors remotely, and there’s no fix

      May 7, 2023

      Microsoft April 2023 Patch Tuesday fixes 1 zero-day, 97 flaws

      April 29, 2023
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»Vulnerability in Chrome for Android Patched Three Years After Disclosure
    Cyber Security

    Vulnerability in Chrome for Android Patched Three Years After Disclosure

    January 3, 2019Updated:January 11, 2019No Comments3 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email

    A vulnerabilitiy recently patched by Google in Chrome for Android was an information disclosure bug that was originally reported in 2015, but not patched until the release of Chrome 70 in October 2018, security researchers say. 

    The issue is that the browser – along with WebView and Chrome Tabs for Android – discloses information about the hardware model, firmware version, and security patch level of the device it is installed on. Applications using Chrome to render web content are also impacted. 

    This behavior, however, is defined in the Chrome docs, which state that the Chrome for Android User Agent string includes the Android version number and build information. The information is also sent to apps using WebView and Chrome Tabs APIs, and, although an option is offered to override the default, most applications choose not to do so. 

    “Aggravating this issue is that the user agent header is sent always, with both HTTP and HTTPS requests, often by processes running in background. Also, unlike the desktop Chrome, on Android no extensions or overrides are possible to change the header other than the ‘Request Desktop Site’ option on the browser itself for the current session,” security researchers with Nightwatch Cybersecurity explain.

    While many browsers have been long identifying the operating system and version on both desktop and mobile devices, the fact that the build tag (which identifies the device name and firmware build) is also disclosed represents the root cause of the issue, the researchers say. 

    They also argue that, for many devices, this build tag can be used to identify not only the device, but also the carrier and country. The information could also be used to determine the security patch level on the device.

    The disclosed information, the researchers say, can be used to track users and fingerprint devices. Furthermore, attackers could use the information to learn whether specific devices contain certain vulnerabilities and target those with their exploits. 

    The security issue was initially reported to Google in 2015, but the vendor rejected the bug report. Chrome 70, however, arrived in October 2018 with a partial fix, hiding the firmware information but still revealing the hardware model identifier. 

    “Since this fix doesn’t apply to WebView usage, app developers should manually override the User Agent configuration in their apps,” Nightwatch Cybersecurity notes. 

    The security researchers believe that all prior versions of Chrome for Android are affected by the vulnerability and advise all users to upgrade to version 70 or later. Google continues to treat the issue as not being security related, and a CVE number hasn’t been issued, the researchers say. Digitpol has published to its client network a report outlining versions affected by the vulnerability and upgraded dozens of devices to version 70

    When contacted about the issue in 2015, the vendor said all is working as intended. Last year, however, a new bug was filed by the vendor, along with a feature request, and Chrome 70 for Android brought the aforementioned partial fix, which only applies to the browser itself. 

    Related: Chrome 70 Updates Sign-In Options, Patches 23 Flaws

    Related: Chrome 71 Patches 43 Vulnerabilities

    Ionut Arghire is an international correspondent for SecurityWeek.

    Previous Columns by Ionut Arghire:
    Tags:

    Source link

    Chrome 70 Digitpol
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Hackers exploit bug in Elementor Pro WordPress plugin

    June 2, 2023 Cyber Security

    15 million public-facing services vulnerable to CISA KEV flaws

    May 23, 2023 Cyber Security

    HP to patch critical bug in LaserJet printers within 90 days

    May 15, 2023 Cyber Security

    Hackers can open Nexx garage doors remotely, and there’s no fix

    May 7, 2023 Cyber Security

    Microsoft April 2023 Patch Tuesday fixes 1 zero-day, 97 flaws

    April 29, 2023 Cyber Security

    SAP releases security updates for two critical-severity flaws

    April 21, 2023 Cyber Security
    Editors Picks

    Phishing remained the top identity abuser in 2022: IDSA report

    June 3, 2023

    Hackers exploit bug in Elementor Pro WordPress plugin

    June 2, 2023

    Walmart’s taking a rare $20 off of a set of four AirTags

    June 1, 2023

    Tether Ventures into Sustainable Energy Production and Bitcoin Mining in Renewable-Rich Uruguay

    May 31, 2023
    Trending Now

    The M1 Pro 16-inch MacBook Pro with 1TB of storage is $800 off today

    By techbizweb

    Salman Rushdie says he is writing book about near-fatal knife attack

    By techbizweb

    #StopRansomware: BianLian Ransomware Group | CISA

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2023 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.