Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Google Chrome for Android < 50.0.2661.102 Directory Traversal

Medium

Synopsis

The remote mobile host is affected by a directory traversal vulnerability.

Description

The version of Google Chrome for Android on the remote mobile host is prior to 50.0.2661.102 and thus unpatched for a flaw in the 'FileURLToFilePath()' function in 'net/base/filename_util.cc' that allows traversing outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically path traversal style attacks (e.g. '../') supplied via the file scheme. This may allow an attacker to have an unspecified impact.

Solution

Update Chrome for Android to version 50.0.2661.102 or later.