Unsafe PendingIntent in setOnClickActivityIntent of SearchWidgetProvider.java allows unauthorized access to contacts and history bookmarks
CVE-2021-0953 · HIGH Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278
Learn more about our Cis Benchmark Audit For Google Android.