Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.
The product dereferences a pointer that it expects to be valid but is NULL.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome | * | 100.0.4896.60 (excluding) | |
Chromium-browser | Ubuntu | bionic | * |
Chromium-browser | Ubuntu | trusty | * |
Chromium-browser | Ubuntu | upstream | * |
Chromium-browser | Ubuntu | xenial | * |