First published: Fri Jun 07 2019
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mi Stock Browser | =10.2.4g | |
Mi Redmi 7 Firmware | | |
Mi Redmi 7 | | |
Mi Redmi Note 7 | | |
Mi Redmi Note 7s | | |
Mi Redmi Note 6 Pro Firmware | | |
Mi Redmi Note 6 Pro | | |
Mi Redmi 6a | | |
Mi Redmi 6 | | |
Mi Redmi 6a | | |
Mi Redmi 6a Firmware | | |
Mi Redmi S2 Firmware | | |
Mi Redmi S2 Firmware | | |
Mi Redmi Note 5 Pro Firmware | | |
Mi Redmi Note 5 Pro | | |
Mi Redmi K20 Pro Firmware | | |
Mi Redmi K20 Pro | | |
Mi Redmi K20 Firmware | | |
Mi Redmi K20 Firmware | | |
Mi Redmi 7a Firmware | | |
Mi Redmi 7a | | |
Mi Redmi Go Firmware | | |
Mi Redmi Go Firmware | | |
Mi Redmi 5 | | |
Mi Redmi Note 5 | | |
Mi Redmi Y3 Firmware | | |
Mi Redmi Y3 Firmware | | |
Mi Redmi Note 7 | | |
Mi Redmi Note 7s Firmware | | |
Mi Redmi 4A Firmware | | |
Mi Redmi 4A Firmware | | |
Mi Redmi Note 4 | | |
Mi Redmi Note 4 Firmware | | |
Mi Redmi 5 Plus | | |
Mi Redmi 5 Plus Firmware | | |
Mi Redmi Note 5a Prime | | |
Mi Redmi Note 5a Prime Firmware | | |
CVE-2018-20523 is classified as high risk because it exposes sensitive user information.
To mitigate CVE-2018-20523, users should update the Xiaomi Stock Browser to the latest version provided by Xiaomi.
CVE-2018-20523 affects Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro and other Redmi Android phones.
CVE-2018-20523 is classified as a content provider injection vulnerability that allows unauthorized access to the user's browser history.
Yes, third-party applications can exploit CVE-2018-20523 to read a user's cleartext browser history.