Security Notice - Statement on trustlook published the technical report about BadKernel Vulnerability in Google Chrome V8 Engine
- Initial Release Date: 2016.10.06
- Last Release Date: 2016.12.28
Huawei has noticed that there is a technical report about “badkernel” vulnerability published by trustlook. The flaw exists in version 3.20 to 4.2 of the Chrome V8 engine. An attacker could induce a user to visit a malicious URL and cause arbitrary code execution. Huawei has already launched the investigation.
The investigation is over. Huawei smartphone products using the Chrome V8 engine have fixed this vulnerability, the latest smartphone versions are therefore not affected by this vulnerability.
Two Device IC products software were affected by this vulnerability, Huawei has fixed this vulnerability and delivered Security Advisory. The link of the security advisory is: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161228-01-badkernel-en
Customers can get necessary support for product security vulnerabilities through Huawei local technical service.
2016-12-28 V1.2 FINAL
2016-12-07 V1.1 UPDATE Update the investigation information.
2016-10-6 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.