Arif Khan, an independent security researcher, has recently discovered an issue in Xiaomi browsers, including Mi Browser and the recently launched Mint Browser. The vulnerability (CVE-2019-10875) was found to be present in the Global version of these browsers and not in the Chinese version, which, as per the researcher, might be intentional.

How was the vulnerability discovered?

The researcher says that it was an accidental discovery and that it didn't require much effort. He decided to test a certain feature in Mi Browser that was behaving abnormally. As per the researcher, he discovered it when he tried to open a Google search query link through Mi Browser, and the browser tried to display only the 'search query' in the URL address bar. As per him, it takes almost 0 user interactions to exploit.

When you try to open a link with a query portion in the URL, Xiaomi's browsers try to display it as search engines would display it in the search bar, but the URL bar doesn't display the full URL, and this happens not only with popular search engine websites but also with other websites.

Mi Security team (MiSRC) acknowledged the vulnerability and the researcher got the reward! As per Khan, Mi Security team has accepted ...
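
The address-bar behaviour described above, modelled next to a stricter rule a browser could apply. This is an added example, not Xiaomi's code or the researcher's; the parameter name `q`, the host allowlist, the function names and the sample URLs are assumptions constructed for illustration.

```javascript
// Assumption: the search term travels in a query parameter named "q".
const SEARCH_PARAM = "q";
// Hypothetical allowlist of hosts where showing the bare search term is acceptable.
const SEARCH_HOSTS = new Set(["www.google.com", "www.bing.com", "duckduckgo.com"]);

// Model of the behaviour the article describes: any URL carrying a query
// term has its address-bar text replaced by that term, whatever the host.
function flawedBarText(rawUrl) {
  const url = new URL(rawUrl);
  const term = url.searchParams.get(SEARCH_PARAM);
  return term ? term : url.href;
}

// True when the term could be mistaken for an address (scheme or dotted host).
function looksLikeAddress(term) {
  const t = term.trim();
  return /^[a-z][a-z0-9+.-]*:\/\//i.test(t) || /^[^\s\/]+\.[^\s\/]{2,}(\/|$)/.test(t);
}

// Stricter rule: show the term only for allowlisted HTTPS search hosts and
// only when it cannot be read as an address; otherwise show the full URL.
function hardenedBarText(rawUrl) {
  const url = new URL(rawUrl);
  const term = url.searchParams.get(SEARCH_PARAM);
  const trusted = url.protocol === "https:" && SEARCH_HOSTS.has(url.hostname);
  return trusted && term && !looksLikeAddress(term) ? term : url.href;
}

// Constructed sample URLs (not taken from the article).
const SAMPLES = [
  "https://www.google.com/search?q=weather+today",
  "https://untrusted.example/?q=www.bank.example",
  "https://www.google.com/search?q=www.bank.example",
];

// Returns one row per sample with both display decisions, for comparison.
function compare() {
  return SAMPLES.map((u) => ({
    url: u,
    flawed: flawedBarText(u),
    hardened: hardenedBarText(u),
  }));
}

console.table(compare());
```

The second and third rows are the ones to look at: the modelled behaviour shows a host-like string that is not the page's origin, while the stricter rule falls back to the full URL.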