PT-2012-47: Information disclosure in Google Chrome on Android

Vulnerable software

Google Chrome on Android
Version: 18.0.1025123 and earlier

Application link:

Severity level

Severity level: Medium
Impact: Information disclosure
Access Vector: Remote  

CVSS v2:
Base Score: 5.0
Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE: CVE-2012-4903

Software description

Google Chrome is a web browser for Android.

Vulnerability description

The specialists of the Positive Research center have detected "Information disclosure " vulnerability in Google Chrome on Android.

Google Chrome on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data.

How to fix

Update your software up to the latest version

Advisory status

20.07.2012 - Vendor is notified
20.07.2012 - Vendor gets vulnerability details
12.09.2012 - Vendor releases fixed version and details
21.09.2012 - Public disclosure


The vulnerability has discovered by Artem Chaykin, Positive Research Center (Positive Technologies Company)


Reports on the vulnerabilities previously discovered by Positive Research: