Google has quietly fixed a security flaw in Chrome for Android that was originally reported more than three years ago.
As reported by ZDNet, the vulnerability was found by bug-hunters at Nightwatch Cybersecurity in May 2015, but wasn't addressed until Google's security staff realized that it was, in fact, a threat.
The flaw means that the mobile browser leaks information about the device it's running on, including the hardware model and firmware version – and therefore its security patch level. Chrome for desktop doesn't suffer the same issue.
Too much information
Browsers send various pieces of information to web servers as part of their normal operation, including details of the browser itself, other apps currently running, and the operating system. Unfortunately, Chrome for Android also sent the device name (such as C6606) and firmware build.
The device name might look random, but it correlates to a specific device model, and can be found easily online in readily available lists. For example, device name C6606 would be a Sony Xperia Z.
That's a security issue in itself, but the accompanying leaked firmware details are the biggest problem.
"For many devices, this can be used to identify not only the device, but also the carrier on which it is running and from that the country," said Nightwatch Cybersecurity. "Build numbers are easily obtainable from manufacturer and phone carrier websites such as this one."
Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.
Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.
The build number can also tell attackers the device's security patch level, thereby letting them know which attacks it could be vulnerable to.
Google released a partial fix with Chrome 70 in October 2018, but the browser still releases device names and two Android components (including WebView, which is the built-in browser used by apps like Facebook) still leak the firmware build number.
Cat is TechRadar's Homes Editor specializing in kitchen appliances and smart home technology. She's been a tech journalist for 15 years, and is here to help you choose the right devices for your home and do more with them. When not working she's a keen home baker, and makes a pretty mean macaron.