Google warns of vulnerabilities in Chrome browser and Android operating system
If you use an Android telephone or Chrome browser, you should update the products to the latest version
Ami Rojkes Dombe
| 04/04/2021
Photo: Bigstock
Google revealed that a vulnerability that influences Android devices with Qualcomm chipsets is being used by hackers for targeted attacks. Vulnerability CVE-2020-11261 (CVSS grade 8.4) is an "improper input validation" problem in a graphic component of Qualcomm that can be used to exploit memory areas via an app designed by the attacker.
"There are indications that CVE-2020-11261 may be under limited, targeted exploitation," the search giant said in a March 18 update to an advisory from January. CVE-2020-11261 was discovered and reported to Qualcomm by the Android security staff at Google on July 20, 2020, and afterwards was patched in January 2021.
In addition, users started to report that the Android update was interfering with the operation of the mobile device, with the WebView component making apps crash. The same was happening with the Chrome browser. Some users said that removing the latest update to WebView fixed the issue, and in fact, Samsung’s official Twitter account in the US recommended taking that step.
Regarding the Chrome update, Kaspersky claimed that it is a critical update. "An anonymous security researcher reported CVE-2021-211193 on March 9, and Google rushed out a fix in just three days. That rush might be attributable to the vulnerability’s real-world exploitation; crooks have already used the vulnerability, and that is reason enough for everybody to patch Google," the company's statement said.
In conclusion, if you use Google products, make sure to update the mobile phone's operating system and the browser.
If you use an Android telephone or Chrome browser, you should update the products to the latest version
Photo: Bigstock
Google revealed that a vulnerability that influences Android devices with Qualcomm chipsets is being used by hackers for targeted attacks. Vulnerability CVE-2020-11261 (CVSS grade 8.4) is an "improper input validation" problem in a graphic component of Qualcomm that can be used to exploit memory areas via an app designed by the attacker.
"There are indications that CVE-2020-11261 may be under limited, targeted exploitation," the search giant said in a March 18 update to an advisory from January. CVE-2020-11261 was discovered and reported to Qualcomm by the Android security staff at Google on July 20, 2020, and afterwards was patched in January 2021.
In addition, users started to report that the Android update was interfering with the operation of the mobile device, with the WebView component making apps crash. The same was happening with the Chrome browser. Some users said that removing the latest update to WebView fixed the issue, and in fact, Samsung’s official Twitter account in the US recommended taking that step.
Regarding the Chrome update, Kaspersky claimed that it is a critical update. "An anonymous security researcher reported CVE-2021-211193 on March 9, and Google rushed out a fix in just three days. That rush might be attributable to the vulnerability’s real-world exploitation; crooks have already used the vulnerability, and that is reason enough for everybody to patch Google," the company's statement said.
In conclusion, if you use Google products, make sure to update the mobile phone's operating system and the browser.
