PT-2012-46: Cross-application scripting in Google Chrome on Android Vulnerable softwareGoogle Chrome on Android Version: 18.0.1025123 and earlierApplication link: https://play.google.com/store/apps/details?id=com.android.chromeSeverity levelSeverity level: Medium Impact: Cross-application scripting Access Vector: Remote CVSS v2: Base Score: 4.3 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)CVE: CVE-2012-4904 Software descriptionGoogle Chrome is a web browser for Android.Vulnerability descriptionThe specialists of the Positive Research center have detected "Cross-application scripting (UXSS)" vulnerability in Google Chrome on Android.Cross-application scripting vulnerability in Google Chrome on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.How to fix Update your software up to the latest versionAdvisory status 20.07.2012 - Vendor is notified 20.07.2012 - Vendor gets vulnerability details 12.09.2012 - Vendor releases fixed version and details 21.09.2012 - Public disclosureCreditsThe vulnerability has discovered by Artem Chaykin, Positive Research Center (Positive Technologies Company)Referenceshttp://en.securitylab.ru/lab/PT-2012-46 Reports on the vulnerabilities previously discovered by Positive Research:http://ptsecurity.com/research/advisory/ http://en.securitylab.ru/lab/