Google browser vulnerability could have let hackers steal personal data

Researchers have discovered a critical vulnerability in Google's Chromium browser that could be used to steal personal data. The Positive Technologies researcher, Sergey Toshin, discovered the error last December and revealed it to Google in January, which solved the problem a few weeks later. There is no indication that it has been actively exploited, but given the wide scope of vulnerability, it is difficult to be sure.

The error was briefly revealed in the January Google patch notes, described only as a high severity vulnerability with "insufficient policy compliance." After a new Positive Technologies report, we now know that the error affected the Android's WebView component, which is commonly used to display pages within Android applications, more generally, the vulnerability existed in Google's Chromium engine and was present in all versions of Android 4.4 and later.

hackers could have exploited the vulnerability by linking users with a malicious instant application, which would execute a small file that has access to the hardware of a phone, from which attackers could intercept the user's data. "After an update that contains a malicious payload, such applications could read WebView information. allows access to browser history, authentication tokens commonly used for logging into mobile applications and other important data, "said Leigh-Anne Galloway, leader in cybersecurity resilience in Positive Technologies.

Any user who has Android 7.0 and more should have updated The Google Chrome browser in January, while users running previous versions of Android had to update WebView through Google Play. Android users who do not have Google Play should wait for an update from the device manufacturer.

Please Note: This content is provided and hosted by a 3rd party server. Sometimes these servers may include advertisements. does not host or upload this material and is not responsible for the content.