Summary:
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones was vulnerable to content provider injection, which allowed any third-party application to read the user's browser history.
Vulnerable component:
com.android.browser.searchhistory
Drozer command:
run app.provider.query content://com.android.browser.searchhistory/searchhistory
Fixing Timeline:
- Reported to Xiaomi team on 2018-11-24
- Bug reproduced by the team and fixed in the newer version.
- Fix verified on 2018-12-27
- CVE-2018-20523 assigned