Sergey Toshin, security researcher at Positive Technologies, found a vulnerability that existed on all versions of Android starting with 4.4. It was discovered that it is an error in WebView, which could be used to install malware or instant applications to access user's personal data, token and headers identification and other important data.
The error was detected in Chromium which uses WebView on Android 4.4 and later versions. The WebView allows websites to appear on Android apps. This may have affected Chromium-based mobile browsers, such as Google Chrome, the Samsung Internet Browser, and others Yandex Browser.
The bug was corrected in the last one Google Chrome 72, but Android users are recommended to check if they have benefited from the critical update.
Leigh-Anne Galloway, Positive Technologies's Cyber Security Resilience Lead said:From Android 7.0, WebView has been implemented through Google Chrome so updating your browser is enough to fix the bug. In previous Android versions, WebView needs to be updated via Google Play. Users who do not have Services Google Play on their smartphones they will have to wait for a WebView update from the device manufacturer. "