CVE-2012-4909

Google Chrome <18.0.1025308 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4909. PoCs published by Artem Chaykin.

AI-analyzed exploit summary This exploit leverages a symlink vulnerability in Google Chrome for Android to read the browser's cookie file by creating a symlink to it and rendering its contents as HTML. It requires local execution and exploits improper file access controls.

Description

Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Artem Chaykin · textremoteandroid

https://www.exploit-db.com/exploits/37794

View Code ZIP pw:eip

This exploit leverages a symlink vulnerability in Google Chrome for Android to read the browser's cookie file by creating a symlink to it and rendering its contents as HTML. It requires local execution and exploits improper file access controls.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Google Chrome for Android < 18.0.1025308

No auth needed

Prerequisites: Local execution on the target device · Ability to create symlinks in the app's directory

MITRE ATT&CK

T1005 - Data from Local System T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Issue Tracking x_refsource_confirm

https://code.google.com/p/chromium/issues/detail?id=141889

Vendor Advisory x_refsource_confirm

http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html

Scores

EPSS 0.0215

EPSS Percentile 79.8%

Details

CWE

CWE-200

Status published

Products (1)

google/chrome < 18.0.1025306

Published Sep 13, 2012

Tracked Since Feb 18, 2026