Google Android Browser CVE-2014-6041 Same Origin Policy Security Bypass Vulnerability
BID:69548
| Bugtraq ID: | 69548 |
| Class: | Design Error |
| CVE: | CVE-2014-6041 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 02 2014 12:00AM |
| Updated: | Sep 23 2014 12:01AM |
| Credit: | Rafay Baloch |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Google Android Browser is prone to a vulnerability that may allow attackers to bypass certain security restrictions.
Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This could be used to steal sensitive information or launch other attacks.
Versions prior to Google Android Browser 4.2.1 are vulnerable.
Exploit / POC
Attackers may use standard tools to exploit this issue. The attacker must entice a user to visit a malicious website.
The following Metasploit exploit code is available:
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].