{"id":"ASB-A-184046278", "published":"2021-12-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-0953", "A-184046278"], "details":"In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/QuickSearchBox", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-12-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/QuickSearchBox/+/ae2c873754cd8c54ce8a76aacbc0e1a0bf827188"], "severity":"High", "spl":"2021-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["166902988781562001802179094443786026920", "4603613469389726059244767091161022984", "317465663099566999535136987815160284504", "13635714733259997166812580850938143114"], "threshold":0.9}, "id":"ASB-A-184046278-6b36b0dd", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/QuickSearchBox/+/ae2c873754cd8c54ce8a76aacbc0e1a0bf827188", "target":{"file":"src/com/android/quicksearchbox/SearchWidgetProvider.java"}}, {"deprecated":false, "digest":{"function_hash":"44459358454518948558358821354827334476", "length":168}, "id":"ASB-A-184046278-e0ac779c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/QuickSearchBox/+/ae2c873754cd8c54ce8a76aacbc0e1a0bf827188", "target":{"file":"src/com/android/quicksearchbox/SearchWidgetProvider.java", "function":"setOnClickActivityIntent"}}]}}, {"package":{"name":"platform/packages/apps/QuickSearchBox", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-12-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/QuickSearchBox/+/ae2c873754cd8c54ce8a76aacbc0e1a0bf827188"], "severity":"High", "spl":"2021-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"44459358454518948558358821354827334476", "length":168}, "id":"ASB-A-184046278-1684cc44", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/QuickSearchBox/+/ae2c873754cd8c54ce8a76aacbc0e1a0bf827188", "target":{"file":"src/com/android/quicksearchbox/SearchWidgetProvider.java", "function":"setOnClickActivityIntent"}}, {"deprecated":false, "digest":{"line_hashes":["166902988781562001802179094443786026920", "4603613469389726059244767091161022984", "317465663099566999535136987815160284504", "13635714733259997166812580850938143114"], "threshold":0.9}, "id":"ASB-A-184046278-72220f6f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/QuickSearchBox/+/ae2c873754cd8c54ce8a76aacbc0e1a0bf827188", "target":{"file":"src/com/android/quicksearchbox/SearchWidgetProvider.java"}}]}}, {"package":{"name":"platform/packages/apps/QuickSearchBox", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/QuickSearchBox/+/ae2c873754cd8c54ce8a76aacbc0e1a0bf827188"], "severity":"High", "spl":"2021-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"44459358454518948558358821354827334476", "length":168}, "id":"ASB-A-184046278-d92136b2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/QuickSearchBox/+/ae2c873754cd8c54ce8a76aacbc0e1a0bf827188", "target":{"file":"src/com/android/quicksearchbox/SearchWidgetProvider.java", "function":"setOnClickActivityIntent"}}, {"deprecated":false, "digest":{"line_hashes":["166902988781562001802179094443786026920", "4603613469389726059244767091161022984", "317465663099566999535136987815160284504", "13635714733259997166812580850938143114"], "threshold":0.9}, "id":"ASB-A-184046278-f639321d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/QuickSearchBox/+/ae2c873754cd8c54ce8a76aacbc0e1a0bf827188", "target":{"file":"src/com/android/quicksearchbox/SearchWidgetProvider.java"}}]}}, {"package":{"name":"platform/packages/apps/QuickSearchBox", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2021-12-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/QuickSearchBox/+/ae2c873754cd8c54ce8a76aacbc0e1a0bf827188"], "severity":"High", "spl":"2021-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"44459358454518948558358821354827334476", "length":168}, "id":"ASB-A-184046278-966e5e0c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/QuickSearchBox/+/ae2c873754cd8c54ce8a76aacbc0e1a0bf827188", "target":{"file":"src/com/android/quicksearchbox/SearchWidgetProvider.java", "function":"setOnClickActivityIntent"}}, {"deprecated":false, "digest":{"line_hashes":["166902988781562001802179094443786026920", "4603613469389726059244767091161022984", "317465663099566999535136987815160284504", "13635714733259997166812580850938143114"], "threshold":0.9}, "id":"ASB-A-184046278-a3d4c3da", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/QuickSearchBox/+/ae2c873754cd8c54ce8a76aacbc0e1a0bf827188", "target":{"file":"src/com/android/quicksearchbox/SearchWidgetProvider.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-12-01"}]}