CVE-2012-4906

Google Chrome <18.0.1025308 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4906. PoCs published by Artem Chaykin.

AI-analyzed exploit summary This exploit leverages an information disclosure vulnerability in Google Chrome for Android to steal cookie-based authentication credentials by tricking the browser into saving its Cookies file to an accessible directory. The PoC uses an Intent to trigger the vulnerability and reads the exposed file.

Description

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Artem Chaykin · textremoteandroid
https://www.exploit-db.com/exploits/37793

This exploit leverages an information disclosure vulnerability in Google Chrome for Android to steal cookie-based authentication credentials by tricking the browser into saving its Cookies file to an accessible directory. The PoC uses an Intent to trigger the vulnerability and reads the exposed file.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Google Chrome for Android prior to 18.0.1025308
No auth needed
Prerequisites: Malicious app installed on the target device · Access to the device's file system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

EPSS 0.0310
EPSS Percentile 86.1%

Details

CWE
CWE-264
Status published
Products (1)
google/chrome < 18.0.1025306
Published Sep 13, 2012
Tracked Since Feb 18, 2026