Google receives flak for not patching PNG vulnerability, researchers say millions of Android users still at risk

By Digit NewsDesk | Published on 11 Feb 2019

Google’s February Security patch for phones included a fix for a critical PNG vulnerability. Security researchers slam Google for not patching the flaw earlier.




  • Google recently patched a PNG vulnerability.
  • The flaw could infect Android users and is still a cause of concern, as per security researchers.
  • Google’s frivolous approach to media parsing deemed root cause of the issue. 


Early this month, Google announced that its February security update is now available for the Google Pixel series of smartphones. While the new patch addresses a wide range of vulnerabilities, Google has received flak from cybersecurity experts for not patching sooner a flaw that the company itself has deemed a critical security vulnerability in Framework. The bug in question enables a remote attacker to execute arbitrary code within the context of a privileged process using a specially crafted Portable Network Graphics (PNG) file. Android Headlines reports that Craig Young, a computer security expert from Tripwire, calls the flaw “alarming” and suggests that the “root cause of the issue is a frivolous approach to media content parsing on Google's part.”

A user can be affected simply by viewing a maliciously modified PNG image file. The primary issue here is that even though the flaw is patched in the February security update, users can still be exploited in the meantime, since the patch takes some time to reach devices. Additionally, the problem is said to affect all devices running Android 7.0 Nougat and above, and most smartphone makers might not even release a security patch for older devices. As per the report, Tim Erlin, Tripwire Product Management VP, is worried that "manufacturers may wait months to protect users from attackers" in this case, which is something that generally happens in the Android ecosystem. As of now, the only reasonable solution to this issue seems to be an expedited rollout of the new February security patch.

Speaking of cybersecurity, February 5 was Safer Internet Day, and Google announced a bunch of new tools and products to help users secure their data. The company released a new Chrome extension called Password Checkup that works just like HaveIBeenPwned. It matches a user’s login credentials against its database of breached usernames and passwords and alerts them if it finds that the credentials were ever included in a data leak. In case the credentials match, the extension triggers an automatic warning and suggests that the user change their password.

Google also announced a new encryption method called Adiantum, which is aimed at less powerful devices like entry-level smartphones and other smart devices like TVs and smartwatches. The new method is said to be designed so that no specialised hardware is needed for efficient encryption of locally stored data.
