A previously discovered vulnerability in Android’s built-in browser might be more widespread than initially thought, according to Trend Micro researchers.
The researchers downloaded the top 100 apps in Google Play with the word “browser” in their names to determine whether the bug would allow them to violate the browser’s Same Origin Policy (SOP). They found that 42 of them were vulnerable. In addition to those apps, any that open websites within the app are also at risk.
This bug, CVE-2014-6041, could impact up to approximately 75 percent of Android users who run platforms older than version 4.4. Tech savvy users, who prefer the Android Open Source Platform (AOSP) browser, could also be targeted in attacks.
Although Google has issued a patch, the vulnerability could persist for months while users wait to get the update through their device manufacturers or service providers.