Google Chrome on Android
Version: 18.0.1025123 and earlier
Application link:
<https://play.google.com/store/apps/details?id=com.android.chrome>[](<http://www.opencart.com/>)
Severity level: Medium
Impact: Cross-application scripting
Access Vector: Remote
CVSS v2:
Base Score: 4.3
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE: CVE-2012-4904
Software description
Google Chrome is a web browser for Android.
The specialists of the Positive Research center have detected “Cross-application scripting (UXSS)” vulnerability in Google Chrome on Android.
Cross-application scripting vulnerability in Google Chrome on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by “Universal XSS (UXSS)” attacks against the current tab.
Update your software up to the latest version
20.07.2012 - Vendor is notified
20.07.2012 - Vendor gets vulnerability details
12.09.2012 - Vendor releases fixed version and details
21.09.2012 - Public disclosure
The vulnerability has discovered by Artem Chaykin, Positive Research Center (Positive Technologies Company)
<http://en.securitylab.ru/lab/PT-2012-46>
Reports on the vulnerabilities previously discovered by Positive Research:
<http://ptsecurity.com/research/advisory/>
<http://en.securitylab.ru/lab/>