PT-2012-46: Cross-application scripting in Google Chrome on Android
Google Chrome on Android
Version: 18.0.1025123 and earlier
Severity level: Medium
Impact: Cross-application scripting
Access Vector: Remote
Base Score: 4.3
Google Chrome is a web browser for Android.
The specialists of the Positive Research center have detected "Cross-application scripting (UXSS)" vulnerability in Google Chrome on Android.
Cross-application scripting vulnerability in Google Chrome on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.
How to fix
Update your software up to the latest version
20.07.2012 - Vendor is notified
20.07.2012 - Vendor gets vulnerability details
12.09.2012 - Vendor releases fixed version and details
21.09.2012 - Public disclosure
The vulnerability has discovered by Artem Chaykin, Positive Research Center (Positive Technologies Company)
Reports on the vulnerabilities previously discovered by Positive Research: