Google-Android

Google has issued a statement regarding the recently reported WebView security flaw that affects devices running Android 4.3 Jelly Bean and older versions, a flaw that potentially puts over 900 million users at risk. The statement is essentially a follow-up to the Android security team's earlier response that it is up to OEMs to address the issue, and that the company has already addressed the issue with the release of Android 4.4 KitKat and Android 5.0 Lollipop.

For those who are unaware, WebView is a part of the Android OS that lets app developers render webpages in apps without requiring a full browser. The component was based on the Webkit engine, which was replaced by Google's Chromium engine when Android 4.4 KitKat launched, resolving the reported vulnerability in WebView and also enabling quick binary updates to the component via OEM updates. Android 5.0 Lollipop then unbundled WebView from the operating system, allowing it to be downloaded and updated separately by users from Google Play - without requiring an OEM fix.

Adrian Ludwig, from Google's Android security team, in a Google+ post on Friday says Google issues bug fixes to the current version of Android on the Android Open Source Project (AOSP) page, and directly provides patches "Android partners with patches for at least the last two major versions of the operating system."