There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
The vulnerability lies in improper use of cryptography (CWE-327 — use of a broken or risky cryptographic algorithm, CWE-347 — improper verification of cryptographic signature). Incorrect implementation of cryptographic mechanisms may allow an attacker to bypass security measures based on integrity verification or data authenticity. Exploitation is possible remotely, without the need to possess additional privileges or engage the user.
An attacker can remotely obtain privilege escalation on a vulnerable Android device, potentially gaining full control over the system (confidentiality, integrity, and availability are fully threatened).
Security patches available from the manufacturer should be applied in accordance with references — Pixel Security Bulletin published 2024-06-01 (https://source.android.com/security/bulletin/pixel/2024-06-01). Immediate software update of the device to the latest available version is recommended.
Google Android — versions indicated in manufacturer references (Pixel Security Bulletin from June 2024)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGoogle Android
OSGooglewszystkie wersje
Related vulnerabilities
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...