CVE-2018-20523 – Xiaomi browser 10.2.4.g - Browser Search History Disclosure

https://notcve.org/view.php?id=CVE-2018-20523

Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request. Xiaomi stock Browser versión 10.2.4.g en dispositivos Xiaomi Redmi Note 5 Pro y otros teléfonos Redmi Android, permite inyección en el proveedor de contenido. En otras palabras, una aplicación de terceros puede leer el historial del explorador del usuario en texto sin cifrar mediante una petición app.provider.query content://com.android.browser.searchhistory/searchhistory. Xiaomi browser version 10.2.4.g suffers from a browser search history disclosure vulnerability. • https://www.exploit-db.com/exploits/50188 http://packetstormsecurity.com/files/163796/Xiaomi-10.2.4.g-Information-Disclosure.html https://sec.xiaomi.com https://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •