Google Android Mobile Browser - Persistent Remote Vulnerability (PoC Video)

Editorial_Staff_Team's picture

Google Android Mobile Browser - Persistent Remote Vulnerability

Today in the morning the well known vulnerability-lab core team researcher ismail kaleem (maledives) has discovered the details of a google android browser vulnerability. The vulnerability is remotly exploitable and the severity of the issue is high.

The bug has been reported to google by the famous maledivian researcher during a pentest session in the official facebook bug bounty program. The issue is located in the google android mobile browser engine and its validation.

Remote attacker are able to inject own persistent script code by base64 encode script code payloads to hijack session information or to compromise user accounts of a service. First the bug has been reported to the facebook security team which later refered the core team to the google security program.

Video: http://www.vulnerability-lab.com/get_content.php?id=1337

Rate this article: 
Average: 2.3 (3 votes)

Comments

krishna's picture

wow!! any update regaring the validity about this??
 
regards

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.