Same Sh*t Different Android Browser

Overview I have been researching Android web browsers quite a bit over the last year, and have made some interesting discoveries. One of those discoveries has been the complete lack of understanding on how to securely implement the use of the Intent URI scheme. Vulnerabilities that stem from insecurely parsing…

The Power of Wings | Abusing the Intent URL Scheme Redux

Overview In March 2014 a white paper was released that detailed research from Takeshi Terada around using the Intent URL Scheme in order to effectively attack Android Web Browsers. In this paper he demonstrates how an insecure implementation of the Intent URL Scheme had been leveraged in popular browsers (Chrome,…