// For flags

CVE-2012-4907

Chrome For Android API Exposure

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.

Google Chrome antes de v18.0.1025308 en Android no restringe correctamente acceso desde el código JavaScript a Android API, lo que permite a atacantes remotos tener un impacto no especificado a través de una página web maliciosa.

By abusing Java objects exposed to JavaScript, malicious web pages can execute arbitrary commands on Chrome for Android, if the accessibility setting of the device is enabled. Version 18.0.1025308 was released to address this vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-09-13 CVE Reserved
  • 2012-09-13 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Google
Search vendor "Google"
 Chrome
Search vendor "Google" for product "Chrome"
 <= 18.0.1025306
Search vendor "Google" for product "Chrome" and version " <= 18.0.1025306"
-
Affected
in Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
*-
Safe