Daniel Micay on Twitter: "https://t.co/waroURB4oy It's 3 vulnerabilities in Skia, which is a 2D rendering library used by Android, Firefox and Chromium. It's widely used and the context where an attacker could gain code exec varies. For Chromium on Android it's in the Chrome or WebView renderer sandbox." / Twitter

twitter.com/EtTuCarl/statu It's 3 vulnerabilities in Skia, which is a 2D rendering library used by Android, Firefox and Chromium. It's widely used and the context where an attacker could gain code exec varies. For Chromium on Android it's in the Chrome or WebView renderer sandbox.

Quote Tweet

Carl (fan parody)

@EtTuCarl

Feb 14, 2019

@DanielMicay Do you know exactly what part of Android does this (specific to built-in photo app, webview, or something else)? twitter.com/cybersecboardr…

7:27 PM · Feb 14, 2019Twitter Web Client

Replying to

There are other Android apps using it along applications on other platforms. There's a detailed post about the issues on the Project Zero blog: googleprojectzero.blogspot.com/2019/02/the-cu Can tell it has diverse apps using it from StackOverflow questions like stackoverflow.com/questions/4229 (C# on iOS).

stackoverflow.com

How to add rect using Skia Sharp and apply both fill color and stroke color to that object?

How to add rect or any shape using Skia Sharp and apply both fill color and stroke color to that object in iOS

2

Daniel Micay

@DanielMicay

Feb 14, 2019

Android uses it to implement standard features like the Android Canvas. Web browsers are among the few apps exposing a feature like that directly to untrusted input but there are probably other examples, and they wouldn't have an equivalent to the great Chromium renderer sandbox.

1

Replying to

Thank you.

Conversation