Google needed more than three years to patch a flaw in Chrome for Android

Back in May 2015, a serious flaw in Chrome for Android that exposed various bits of sensitive information was discovered. This security issue was ignored by Google for more than three years, but now the tech giant is finally taking care of it. Unfortunately, a final fix for this vulnerability is not available yet.

Codrut Nistor, Published 01/03/2019

On the last day of May 2015, a report concerning a bug discovered in Chrome 43 on Android 5.1 Lollipop was published here. Its name — Chrome on Android reveals the exact model and OS version of the device used via user agent — is suggestive and Google engineers should have been worried about the possible effects of this vulnerability. However, it seems that they still need some time to take care of it properly.

At the end of September 2015, Nightwatch Cybersecurity published an in-depth research article concerning the aforementioned bug. According to a much more recent report by the same security organization, Google came up with a partial fix in October 2018. Back then, Chrome 70 for Android removed the firmware build information from the set of exposed information. Unfortunately, the device model number can still be accessed by using the same method.

Since we are already in 2019, we can only hope that Google will finally address this flaw before it gets as old as four years. Obviously, some might not consider it that much of a hassle, but it's always better to know that a certain threat — small or not-so-small — has been ironed out.

Do you think that this kind of issue should be considered a minor one or not? Is Google doing enough to keep our Android devices safe? Feel free to let us know what you think in the comments section below, as usual.

Source(s)

ZDNet

Android 2.3.7 Gingerbread was released in September 2011 (Source: Techzim)

Google will drop devices still on Android 2.3.7 and earlier in September 08/02/2021

The general copyright strike message found on YouTube. (Image via YouTube)

The Verge issues copyright claims against multiple YouTube videos criticizing its infamous PC build video 02/15/2019

Bug in latest Firefox 65 update blocks HTTPS websites 02/05/2019

Acer resurrects the Chromebase with two new Chrome OS AiO desktops 02/05/2019

Some US users can now see a speed-limit icon in the bottom left corner of their directions view in Maps. (Source: Google)

Google Maps now display speed limits in certain areas 01/18/2019

A Project Soli sensor. (Source: Google ATAP)

Google's Project Soli secures FCC approval 01/05/2019

Google has removed the text referring to the Android One software update structure. (Source: Google)

Google denies apparent withdrawal of Android One 2-year update pledge 12/30/2018

Google's Android Messages app now offers baked in spam blocking. (Source: Slashgear)

Google rolls out new spam protection for Android Messages app 12/30/2018

Google Chrome Labs unveils Squoosh, an open-source image compression tool that runs in your browser 11/14/2018

Qualcomm working on Google Chrome port for Windows 10 ARM, launch expected for Q2 2019

Windows 10 ARM could get a native Google Chrome release in the second half of 2019 10/22/2018

10th anniversary version of Chrome comes with many new features. (Source: BGR)

Google celebrates Chrome's 10th anniversary with fresh new version 09/05/2018

Google Chrome found to start antivirus scans at every launch 04/09/2018

The Archive Poster Chrome extension has been caught mining cryptocurrency. (Source: Google)

The Chrome installer can now be downloaded from the Microsoft Store. (Source: MSPoweruser)

Google throws a bone at the Microsoft Store, offers download of Chrome installer 12/20/2017

Yet another Android exploit. (Source: Pixabay)

New Android security flaw allows screen recording without direct user permission 11/18/2017

Chromedroid statue render, Google Chrome mobile has one billion users

Google Chrome reaches one billion users 04/21/2016

Loading Comments

Comment on this article

It costs up to $649 to repair a ben...

Initial rumors of the Samsung Galax...

Codrut Nistor - Senior Tech Writer - 6324 articles published on Notebookcheck since 2013

In my early school days, I hated writing and having to make up stories. A decade later, I started to enjoy it. Since then, I published a few offline articles and then I moved to the online space, where I contributed to major websites that are still present online as of 2021 such as Softpedia, Brothersoft, Download3000, but I also wrote for multiple blogs that have disappeared over the years. I've been riding with the Notebookcheck crew since 2013 and I am not planning to leave it anytime soon. In love with good mechanical keyboards, vinyl and tape sound, but also smartphones, streaming services, and digital art.

contact me via: @online_digi, online.digital.craft, LinkedIn

Please share our article, every link counts!

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2019 01 > Google needed more than three years to patch a flaw in Chrome for Android

Codrut Nistor, 2019-01- 3 (Update: 2019-01- 3)

Google needed more than three years to patch a flaw in Chrome for Android

Source(s)

Related Articles