Security vulnerability in Edge on Android unfixed since April

%3CLINGO-SUB%20id%3D%22lingo-sub-1959013%22%20slang%3D%22en-US%22%3ESecurity%20vulnerability%20in%20Edge%20on%20Android%20unfixed%20since%20April%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1959013%22%20slang%3D%22en-US%22%3E%3CP%3EA%20security%20vulnerability%20in%20the%20Google%20Play%20Core%20Library%20that%20was%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fblog.oversecured.com%2FOversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Einitially%20publicly%20disclosed%20in%20August%3C%2FA%3E%20and%20fixed%20in%20April%20by%20Google%20%3CA%20href%3D%22https%3A%2F%2Fresearch.checkpoint.com%2F2020%2Fvulnerability-in-google-play-core-library-remains-unpatched-in-google-play-applications%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehas%20been%20found%20to%20remain%20unfixed%20in%20a%20number%20of%20applications%3C%2FA%3E%20that%20accumulate%20hundreds%20of%20millions%20of%20downloads.%20Edge%20on%20Android%20has%20been%20found%20to%20be%20one%20of%20those%20applications.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20not%20sure%20if%20this%20bug%20is%20related%20to%20Edge%20Android%20still%20using%20Chromium%2077%2C%20which%20was%20released%20in%20%3CEM%3ESeptember%202019%3C%2FEM%3E.%20If%20so%2C%20then%20the%20refusal%20of%20the%20Edge%20Android%20team%20to%20move%20on%20to%20updated%20Chromium%20versions%20is%20starting%20to%20bite%20the%20browser%20in%20more%20ways%20than%20one.%20If%20not%2C%20then%20this%20security%20vulnerability%20should%20be%20fixed%20asap%20anyway.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E(In%20any%20case%2C%20it's%20high%20time%20your%20Android%20team%20got%20off%20their%20butts%20and%20finally%20updated%20the%20Chromium%20version.%20A%20handful%20of%20months%20of%20delay%20may%20have%20been%20forgivable%2C%20a%20year%20and%20a%20quarter%20and%20counting%20is%20completely%20ridiculous.%20Not%20that%20it%20matters%20what%20I%20say%2C%20but%20I'm%20running%20out%20of%20patience%20on%20this%20matter.)%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

A security vulnerability in the Google Play Core Library that was initially publicly disclosed in August and fixed in April by Google has been found to remain unfixed in a number of applications that accumulate hundreds of millions of downloads. Edge on Android has been found to be one of those applications.

 

I'm not sure if this bug is related to Edge Android still using Chromium 77, which was released in September 2019. If so, then the refusal of the Edge Android team to move on to updated Chromium versions is starting to bite the browser in more ways than one. If not, then this security vulnerability should be fixed asap anyway.

 

(In any case, it's high time your Android team got off their butts and finally updated the Chromium version. A handful of months of delay may have been forgivable, a year and a quarter and counting is completely ridiculous. Not that it matters what I say, but I'm running out of patience on this matter.)

0 Replies