<p><pre><code> The exploit itself is 22,963 bytes of code and if successful will ultimately result in the forced download of a file name loader to the /data/data/com.android.browser directory of the victim device
</code></pre>
How can a website force download a file to a device? Seems like a browser vulnerability
I am gonna have to call BS on this report. Everyone knows that google including gmail is blocked in China, so why would they try to get a hold of their google oauth? Additionally, I just went onto one of the mentioned websites at random, turkistantimes.com and guess what, the site is hosted in the America, in Houston!<p>So either that Xinjiang province is not behind the great firewall, or that Xinjiang has far greater internet freedom than the rest of China, so which one is which? You can't really have both in this case.