Google Chrome for Android < 50.0.2661.102 Directory Traversal
Medium Nessus Network Monitor Plugin ID 9375
Synopsis: The remote mobile host is affected by a directory traversal vulnerability.

Description: The version of Google Chrome for Android on the remote mobile host is prior to 50.0.2661.102 and is therefore unpatched for a flaw in the 'FileURLToFilePath()' function in 'net/base/filename_util.cc' that allows traversal outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically path traversal sequences (e.g. '../') supplied via the file scheme. This may allow an attacker to have an unspecified impact.

Solution: Update Chrome for Android to version 50.0.2661.102 or later.
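
The version condition above can be checked against observed traffic. The following is an added example, not the plugin's own logic: it assumes the browser version is read from HTTP User-Agent headers (the page does not say how the plugin detects it), and the function names, the exclusion list and the sample headers are constructed for illustration.

```python
import re

FIXED = (50, 0, 2661, 102)  # first patched version, taken from the advisory

# Chrome token as it appears in a User-Agent header.
_CHROME = re.compile(r"\bChrome/(\d+(?:\.\d+){0,3})\b")
# Other Chromium-based browsers also send a "Chrome/" token; they are patched
# on their own release line, so this check skips them (assumption).
_OTHER = re.compile(r"\b(?:OPR|EdgA|SamsungBrowser|YaBrowser|UCBrowser)/")


def parse_version(text):
    """Turn '50.0.2661.89' into (50, 0, 2661, 89), padded to four fields."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def classify(user_agent):
    """Return 'vulnerable', 'patched' or 'not-applicable' for one header."""
    if "Android" not in user_agent or _OTHER.search(user_agent):
        return "not-applicable"
    if "; wv)" in user_agent:  # Android WebView, not the Chrome app itself
        return "not-applicable"
    m = _CHROME.search(user_agent)
    if not m:
        return "not-applicable"
    # Compare field by field as integers: as plain strings,
    # '50.0.2661.89' sorts after '50.0.2661.102' and would look patched.
    return "vulnerable" if parse_version(m.group(1)) < FIXED else "patched"


# Constructed sample headers (not captured traffic).
_ANDROID = ("Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) "
            "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/{} Mobile Safari/537.36")
SAMPLES = {
    "old": _ANDROID.format("50.0.2661.89"),
    "fixed": _ANDROID.format("50.0.2661.102"),
    "opera": _ANDROID.format("49.0.2623.105") + " OPR/37.0.2192.105088",
    "desktop": ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                "(KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"),
}

if __name__ == "__main__":
    for name, ua in SAMPLES.items():
        print(f"{name:8} {classify(ua)}")
```

User-Agent strings are client-controlled, so a result from this kind of check is an inventory hint to confirm against device management data rather than proof of the installed version.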