Description
In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Exploitation
The vulnerability was discovered as part of research into side-channel vulnerabilities exposed through Android NDK / libc functions.
For an in-depth technical analysis, read the full research paper here: https://arxiv.org/pdf/2204.05911.pdf
Impact
By exploiting the vulnerability, it would be possible to infer, under certain conditions, the websites accessed using a browser on a specific Android device.
Remediation
To fix the vulnerability, it is necessary to update the Android OS to Android 13.
Credits
Valerio Brussani (@valbrux), NoZero Cybersecurity Research