File-based XSS Vulnerability

Hi Support,
After publishing the app in the Play Store, I got a mail from Google which said that my Browser app(s) are using a WebView that is vulnerable to file-based cross-site scripting.

Below is the mail.
Hello Google Play Developer,

We reviewed Your Browser App, with package name com.tesg.browser, and found that your app uses software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user information or damage a user’s device, and may be considered to be in violation of our Malicious Behavior policy.

Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please migrate your apps to use the updated software as soon as possible and increment the version number of the upgraded APK.

| Vulnerability | APK Version(s) | Deadline to fix |
|---|---|---|
| File-based XSS. Your app(s) are using a WebView that is vulnerable to file-based cross-site scripting. To address this issue, follow the steps in this Google Help Center article. | 1 | August 14, 2021 |

To confirm you’ve upgraded correctly, submit the updated version of your app to the Play Console and check back after five hours. We’ll show a warning message if the app hasn’t been updated correctly.

While these vulnerabilities may not affect every app, it’s best to stay up to date on all security patches.

If you have technical questions about the vulnerability, you can post to Stack Overflow and use the tag “android-security.” For clarification on steps you need to take to resolve this issue, you can contact our developer support team.

Best,

The Google Play Team

Welcome to the community. You can use the search :mag: option in the community to find the same issues; for example, check:

File-based XSS Vulnerability

This may help you