Google Android Mobile Browser - Persistent Remote Vulnerability (PoC Video)

Google Android Mobile Browser - Persistent Remote Vulnerability

Today in the morning the well known vulnerability-lab core team researcher ismail kaleem (maledives) has discovered the details of a google android browser vulnerability. The vulnerability is remotly exploitable and the severity of the issue is high.

The bug has been reported to google by the famous maledivian researcher during a pentest session in the official facebook bug bounty program. The issue is located in the google android mobile browser engine and its validation.

Remote attacker are able to inject own persistent script code by base64 encode script code payloads to hijack session information or to compromise user accounts of a service. First the bug has been reported to the facebook security team which later refered the core team to the google security program.

Video: http://www.vulnerability-lab.com/get_content.php?id=1337