A vulnerabilitiy recently patched by Google in Chrome for Android was an information disclosure bug that was originally reported in 2015, but not patched until the release of Chrome 70 in October 2018, security researchers say.
The issue is that the browser – along with WebView and Chrome Tabs for Android – discloses information about the hardware model, firmware version, and security patch level of the device it is installed on. Applications using Chrome to render web content are also impacted.
This behavior, however, is defined in the Chrome docs, which state that the Chrome for Android User Agent string includes the Android version number and build information.