A severe security flaw on Android devices was identified by researchers from Positive Technologies. Sergey Toshin, a mobile application security expert at Positive Technologies unearthed the flaw on the popular platform. It was found to affect the WebView component used in browsers such as Google Chrome, Yandex, and many others.,
How is the vulnerability exploited?
Why it matters - The vulnerability was the result of incorrect policy enforcement in browsers which could allow attackers to inject malicious apps.
Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies, explained further stating that, “The WebView component is used in most Android mobile apps, which makes such attacks extremely dangerous. The most obvious attack scenario involves little-known third-party applications."
"After an update containing a malicious payload, such applications could read information from WebView. This enables access to browser history, authentication tokens and headers (which are commonly used for login in mobile apps), and other important data,” Galloway added.