Unsafe PendingIntent in setOnClickActivityIntent of SearchWidgetProvider.java allows unauthorized access to contacts and history bookmarks

Unsafe PendingIntent in setOnClickActivityIntent of SearchWidgetProvider.java allows unauthorized access to contacts and history bookmarks

CVE-2021-0953 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278

Learn more about our Cis Benchmark Audit For Google Android.