CVE-2012-4908

Google Chrome < 18.0.1025306 - Same Origin Policy Bypass via Symlink

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4908. PoCs published by Artem Chaykin.

AI-analyzed exploit summary This exploit demonstrates a same-origin policy bypass in Google Chrome for Android via a JavaScript-based attack. It uses XMLHttpRequest to fetch and display the response text of the current document URL, potentially leaking sensitive information.

Description

Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Artem Chaykin · textremoteandroid

https://www.exploit-db.com/exploits/37795

View Code ZIP pw:eip

This exploit demonstrates a same-origin policy bypass in Google Chrome for Android via a JavaScript-based attack. It uses XMLHttpRequest to fetch and display the response text of the current document URL, potentially leaking sensitive information.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Google Chrome for Android prior to 18.0.1025308

No auth needed

Prerequisites: Victim must visit a malicious webpage

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Issue Tracking x_refsource_confirm

https://code.google.com/p/chromium/issues/detail?id=144866

Vendor Advisory x_refsource_confirm

http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html

Scores

EPSS 0.0335

EPSS Percentile 87.2%

Details

CWE

CWE-264

Status published

Products (1)

google/chrome < 18.0.1025306

Published Sep 13, 2012

Tracked Since Feb 18, 2026