California: A high severity bug reportedly went undetected and had been infecting Android devices since 2013.
As Wired reports, the bug, discovered by mobile security researcher Sergey Toshin, could have allowed hackers to gain access to user accounts and spy on them.
The bug originated in Chromium, Google’s open-source project that underlies Chrome and other browsers. As a result, this put to risk mobile Chrome users as well as users of other browsers built on Chromium.
Hackers could use WebView, Chromium’s feature to gain user data and gain wider device access.
The bug went undiscovered for more than five years, even then, the fix has been issued only for newer phones. Users on Android 7 or later will receive the fix through Google Chrome updates, while those running Android 5 or 6 will need to run a special update through Google Play store.