Google no longer patches vulnerabilities in the stock browser of Android 4.3 and below
Google reportedly no longer intends to fix security vulnerabilities in older versions of Android's default browser. This leaves users of outdated devices especially vulnerable to cyber criminals.
According to The Wall Street Journal, this concerns the stock browsers of the mobile operating system up to and including Android version 4.3, also known as Jelly Bean. Google figures show that sixty percent of users with the Play Store app run an outdated version.
The browsers run on an old version of WebView, the component used for rendering pages. Google replaced that component in more recent versions with a variant based on the Chromium browser engine. Google allegedly told Rapid7 that browsers without that engine are too old to be supported any longer. This concerns software on third-party devices.
Rapid7 develops the popular Metasploit hacker toolkit. That kit already offers exploits to attack, among other things, stock browsers with WebView. In addition, vulnerabilities in the stock browser regularly crop up. For example, last year the browser, up to and including version 4.3, was vulnerable to a serious bug in which websites could read the content and cookies of other web pages via JavaScript.