Google’s February Security patch for phones included a fix for a critical PNG vulnerability. Security researchers slam Google for not patching the flaw earlier.

Google receives flak for not patching PNG vulnerability, research...


  • Google recently patched a PNG vulnerability.
  • The flaw could infect Android users and is still a cause of concern, as per security researchers.
  • Google’s frivolous approach to media parsing deemed root cause of the issue. 


Early this month, Google announced that its February security update is now available for Google Pixel series of smartphones. While the new patch addresses a wide range of vulnerabilities, Google has received flak from cybersecurity experts for not patching a flaw earlier that the company itself has deemed a critical security vulnerability in Framework. The bug in question enables a remote attacker to execute arbitrary code within the context of a privileged process using a specially crafted Portable Network Graphics (PNG) file. Android Headlines reports that a security expert from Tripwire computer security, Craig Young, calls the flaw “alarming” and suggests that the “root cause of the issue is a frivolous approach to media content parsing on Google’s part.” 

One can be affected by the flaw by simply viewing a modified PNG image file that is infected. The primary issue here is that even though the flaw is being patched with the February security update, users can be exploited since the patch takes some time to make it to devices. Additionally, the problem is said to affect all devices running on Android 7.0 Nougat and above, and most smartphone makers might not even release a security patch for older devices. As per the report, Tim Erlin, Tripwire Product Management VP, is worried that “manufacturers may wait months to protect users from attackers” in this case, which is something that generally happens in the Android ecosystem. As of now, the only reasonable solution to this issue seems to be an expedited rollout process of the new February security patch. 

Speaking of cybersecurity, February 5 was Safer Internet Day and Google announced a bunch of new tools and products to help users secure their data. The company released a new Chrome extension called Password Checkup that works just like HaveIBeenPwned. It matches a user’s login credentials with its database of breached usernames and passwords and alerts them if it finds that the credentials were ever included in a data leak. In case the credentials match, the extension triggers an automatic warning and suggests that the user changes their password.

Google also announced new encryption called Adiantum, which is aimed at less powerful devices like entry-level smartphones and other smart devices like TVs and smartwatches. The new method is said to be designed such that there is no need to use specialised hardware for efficient encryption of locally stored data. 

Related Reads: 

Adiantum is Google’s latest security innovation to enable encryption on less powerful devices

Google’s new Password Checkup Chrome extension brings HaveIBeenPwned-like service to your browser

Digit NewsDeskDigit NewsDesk

‘).insertAfter(‘.inside-container p:eq(1)’); */
// $( ” ).insertAfter(‘.inside-container p:eq(0)’);
//method to trunkate the text
function shorten(text, maxLength) {
var ret = text;
if (ret.length > maxLength) {
ret = ret.substr(0,maxLength-3) + “…”;
return ret;

//function to put utm on DontMiss links
$(‘div.dontMiss > a’).each(function(){
$(this).prop(‘href’, $(this).prop(‘href’)+’?utm_source=within_article&utm_medium=desktop&utm_campaign=related’);
//trunkate dont miss content
var sub = shorten($(this).html(),47);
$(‘div.dontMiss > a’).each(function(){
$(this).prop(‘href’, $(this).prop(‘href’)+’?utm_source=within_article&utm_medium=mobile&utm_campaign=related’);

//disabled method to append dontmiss links to page content by Mayank
/*$(‘div.dontMiss > a’).each(function(index){
//loop over each list item

// if(index%2 > 0){
// index = index – 1;
// }
if($(‘.inside-container > p:eq(‘+index+’)’).length){
$(‘.inside-container > p:eq(‘+((index * 2) + 1)+’)’).append(‘

Related: ‘ + $(this).html() + ‘‘ );
$(‘.inside-container > p:eq(‘+((index * 2) + 1)+’)’).append(‘

Related: ‘ + $(this).html() + ‘‘ );

/* if(isDesktop()) {
} */

* ga event tracking on page scroll start and end by Mayank

// Debug flag
var debugMode = false;

// Default time delay before checking location
var callBackTime = 100;

// # px before tracking a reader
var readerLocation = 150;

// Set some flags for tracking & execution
var timer = 0;
var scroller = false;
var endContent = false;
var didComplete = false;

// Set some time variables to calculate reading time
var startTime = new Date();
var beginning = startTime.getTime();
var totalTime = 0;

// Get some information about the current page
var pageTitle = document.title;

// Track the aticle load — disabled
if (!debugMode) {
// ga(‘send’, ‘event’, ‘Reading’, ‘ArticleLoaded’, pageTitle, {‘nonInteraction’: 1});
// console.log(“ga(‘send’, ‘event’, ‘Reading’, ‘ArticleLoaded’, pageTitle, {‘nonInteraction’: 1}”);
} else {
alert(‘The page has loaded. Woohoo.’);

// Check the location and track user
function trackLocation() {
bottom = $(window).height() + $(window).scrollTop();
height = $(document).height();

// If user starts to scroll send an event
if (bottom > readerLocation && !scroller) {
currentTime = new Date();
scrollStart = currentTime.getTime();
timeToScroll = Math.round((scrollStart – beginning) / 1000);
if (!debugMode) {
ga(‘send’, ‘event’, ‘Reading’, ‘StartReading’, pageTitle, timeToScroll, {‘metric1’ : timeToScroll});
} else {
alert(‘started reading ‘ + timeToScroll);
scroller = true;

// If user has hit the bottom of the content send an event
if (bottom >= $(‘.inside-container’).scrollTop() + $(‘.inside-container’).innerHeight() && !endContent) {
currentTime = new Date();
contentScrollEnd = currentTime.getTime();
timeToContentEnd = Math.round((contentScrollEnd – scrollStart) / 1000);
if (!debugMode) {
if (timeToContentEnd = height && !didComplete) {
currentTime = new Date();
end = currentTime.getTime();
totalTime = Math.round((end – scrollStart) / 1000);
if (!debugMode) {
ga(‘send’, ‘event’, ‘Reading’, ‘PageBottom’, pageTitle, totalTime, {‘metric3’ : totalTime});
} else {
alert(‘bottom of page ‘+totalTime);
didComplete = true;

// Track the scrolling and track location
$(window).scroll(function() {
if (timer) {

// Use a buffer so we don’t call trackLocation too often.
timer = setTimeout(trackLocation, callBackTime);

‘).insertAfter(“.inside-container p:eq(2)”);


Source link