This page lists publicly disclosed CVE vulnerabilities for android android_browser from every vulnerable NVD CPE match row for this product, including cases where the versions table cannot show finer version attributes.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2008-7298 | The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | [email protected] | 5.8 | 0.99% | 2011-08-09 | 2026-06-16 |