DEBIAN-CVE-2026-3936

Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-3936

Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

PT-2026-1549

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 143.0.7499.192 Description Insufficient policy enforcement in the WebView tag allows a remote attacker to inject scripts or HTML into privileged pages via a crafted Chrome extension. This issue can be exploited ...

EUVD-2012-3961

Malware in sbrugna...

EUVD-2020-8831

Malware in sbrugna...

EUVD-2012-2631

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2012-6636

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Ja...

CVE-2023-41898 Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android

Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...

Microsoft Xamarin.Forms Spoofing Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. A spoofing vulnerability exists in Microsoft Xamarin.Forms. The vulnerability stems from a default setting in Android WebView versions prior to 83.0.4103.106. An attacker can exploit the vulnerability t...

GitHub Security Lab: Java: CWE-749 Unsafe resource loading in Android WebView leaking to injection attacks

This bug was reported directly to GitHub Security Lab...

Cross-site Scripting (XSS)

react-native-webview is vulnerable to cross-site scripting XSS. The vulnerability exists through the lack of policy enforcement that allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. The vulnerability exists on all applications running on systems with an Andro...

GHSA-36J3-XXF7-4PQG Android WebView Universal Cross-site Scripting

A universal cross-site scripting UXSS vulnerability, CVE-2020-6506 https://crbug.com/1083819, has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps whic...

Android WebView Universal Cross-site Scripting

A universal cross-site scripting UXSS vulnerability, CVE-2020-6506 https://crbug.com/1083819, has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps whic...

Universal XSS in Android WebView

Overview A universal cross-site scripting UXSS vulnerability, CVE-2020-6506 https://crbug.com/1083819, has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native...

Cross-site Scripting (XSS)

Overview react-native-webview is a React Native WebView component for iOS, Android, macOS, and Windows Affected versions of this package are vulnerable to Cross-site Scripting XSS. A universal cross-site scripting UXSS vulnerability has been identified in the Android WebView system component, whi...

UBUNTU-CVE-2020-6538

Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2020-16873

The CVE-2020-16873 entry describes a spoofing vulnerability in Microsoft Xamarin.Forms tied to the Android WebView default settings before 83.0.4103.106. The issue allows an attacker to execute arbitrary Javascript if a user visits a malicious website or a site serving malicious code via Xamarin....

PT-2020-4018 · Microsoft +1 · Xamarin.Forms +1

Name of the Vulnerable Software and Affected Versions: Microsoft Xamarin.Forms versions prior to 83.0.4103.106 Description: A spoofing issue exists due to the default settings on Android WebView, allowing an attacker to execute arbitrary Javascript code on a target system. The attack requires the...

Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of the Java object

Overview Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability that an arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Taichi Kotake of Akatsuki Inc. reported this vulnerability to IPA. JPCERT/CC...

X (Formerly Twitter): Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506

Summary: CVSS score: 8.1 / High / CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Embargo notice: Do Not Disclose publicly until https://crbug.com/1083819 is disclosed. Twitter for Android is affected by a UXSS vulnerability due to its configuration of Android WebView and CVE-2020-6506. Vendor...