PT-2012-47: Information disclosure in Google Chrome on Android Vulnerable softwareGoogle Chrome on Android Version: 18.0.1025123 and earlierApplication link: https://play.google.com/store/apps/details?id=com.android.chromeSeverity levelSeverity level: Medium Impact: Information disclosure Access Vector: Remote CVSS v2: Base Score: 5.0 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)CVE: CVE-2012-4903 Software descriptionGoogle Chrome is a web browser for Android.Vulnerability descriptionThe specialists of the Positive Research center have detected "Information disclosure " vulnerability in Google Chrome on Android.Google Chrome on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data.How to fix Update your software up to the latest versionAdvisory status 20.07.2012 - Vendor is notified 20.07.2012 - Vendor gets vulnerability details 12.09.2012 - Vendor releases fixed version and details 21.09.2012 - Public disclosureCreditsThe vulnerability has discovered by Artem Chaykin, Positive Research Center (Positive Technologies Company)Referenceshttp://en.securitylab.ru/lab/PT-2012-47 Reports on the vulnerabilities previously discovered by Positive Research:http://ptsecurity.com/research/advisory/ http://en.securitylab.ru/lab/