Webview: an in-app web browser created to ensure a seamless user experience without context switching between the browser and the mobile application. It allows developers to display web content directly in their mobile application and supports code reuse, so Webviews are extensively used in current mobile application development. This presentation will cover the common Webview-related security issues and the techniques to prevent them and make mobile applications secure and robust. We will be talking about the following common security issues and their prevention:
In the later part of the presentation, we will cover the story behind getting the Chromium CVE-2021-21136 (https://bugs.chromium.org/p/chromium/issues/detail?id=1038002), a security issue in Android Webviews that leads to leakage of sensitive data such as a user's auth tokens and shared secrets to a third party.