Chrome for Android Fixes Bugs

Monday, September 17, 2012 @ 06:09 PM gHale


There is a security update from Google for its Chrome operating system on Android devices, resolving seven medium-risk vulnerabilities.

The update strengthens Chrome for Android’s sandbox technology as well as resolving seven other moderate bugs, said software engineer Jay Civelli on the Google Chrome Blog. The fix is available for users of Android 4.0 (Ice Cream Sandwich) and 4.1 (Jelly Bean).

RELATED STORIES
Profiting off Android Attacks
Malware Continues to Rise
Malware Bypasses Defenses with Ease
Malware Disguised as Security Software

Specifically, the update fixes two medium-rated bugs reported by Artem Chaykin for which he received a total of $1,000 in rewards. The first fixes an issue with information and credential disclosure by file:// URLs and the second resolves a problem with current-tab cross-application scripting (UXSS).

The other five vulnerabilities reported by Takeshi Terada also received medium ratings, earning him $2,500 ($500 apiece). His reports had to do with UXSS via intent extra data, information and credential disclosure by file:// URLs, Android APIs exposed to JavaScript, bypassing same-origin policy for local files with symlinks, and cookie theft by malicious local Android app.

Google shipped these updates on the same day that Jon Oberheide of Duo Security published a blog presenting the findings of their X-Ray projects, which revealed that more than half of Android devices contain vulnerabilities that attackers could exploit to take complete control of user’s devices.



Leave a Reply

You must be logged in to post a comment.