Description
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Artem Chaykin · textremoteandroid
https://www.exploit-db.com/exploits/37793
References (2)
Core 2
Core References
Issue Tracking x_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=144820
Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html
Scores
EPSS
0.0815
EPSS Percentile
92.2%
Details
CWE
CWE-264
Status
published
Products (1)
google/chrome
< 18.0.1025306
Published
Sep 13, 2012
Tracked Since
Feb 18, 2026