'Popular Android Browsers Dolphin and Mercury Are Vulnerable'

Advertisement
By Manish Singh | Updated: 24 August 2015 17:11 IST

Major security vulnerabilities have been found in Dolphin and Mercury Android browsers. Security enthusiast Rotologix has revealed zero-day flaws in the Web browsers, which if exploited, allows attackers to perform remote code execution.

The Dolphin and Mercury browsers are quite popular on Android, racking in over 100 million users. Specifically, the Dolphin remote code execution exploit allows an attacker to replace the browser's theme package with an infected counterpart.

Going further in, the exploit allows an attacker to modify the network traffic, which allows the person to modify the functionality of downloading and applying new themes to the browser. Once affected, a victim is only required to select, download, and apply a new Dolphin browser theme. The Dolphin browser hasn't been updated since July, suggesting that all users are likely affected by the zero-day vulnerability.

Advertisement

"An attacker with the ability to control the network traffic for users of the Dolphin browser for Android, can modify the functionality of downloading and applying new themes for the browser," Rotologix wrote in a blog post. "Through the exploitation of this functionality, an attacker can achieve an arbitrary file write, which can then be turned into code execution within the context of the browser on the user's device," he added.

Advertisement

Moving on, Rotologix says that Mercury browser for Android is affected with an insecure Intent URI scheme implementation and a path traversal vulnerability that provides support to the Wi-Fi Transfer feature. "Chaining these vulnerabilities together can allow a remote attacker to perform arbitrary reading and writing of files within the Mercury Browser's data directory," he added.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Android, Apps, Dolphin, Mercury, Security
Advertisement

Related Stories

Popular Mobile Brands
  1. Scientists Create Most Detailed Radio Map of Early Universe Using MWA
  1. Thanal Comes to OTT: Everything You Need to Know About This Tamil Action Thriller
  2. Madam Sengupta Is Now Streaming: Know Where to Watch This Bangla Crime Thriller
  3. Ryugu Samples Reveal Ancient Water Flow on Asteroid for a Billion Years
  4. Scientists Create Most Detailed Radio Map of Early Universe Using MWA
  5. Mayor of Kingstown Season 4 OTT Release: Know When, Where to Watch Jeremy Renner's Crime Drama
  6. Our Fault Is Streaming Now: Know All About This Gabriel Guevara and Nicole Wallace Starrer
  7. The Conjuring: Last Rites Is Now Streaming Online: Know Where to Watch the Latest Installment from the Horror Franchise
  8. Delhi Crime Season 3 OTT Release: Know When to Watch This Shefali Shah Thriller Series
  9. Vast Space to Launch Haven-1, the World’s First Private Space Station in 2026
  10. Atmospheric Carbon Dioxide Soars to 424PPM, Marking Biggest Yearly Jump Ever
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.