PT-2020-4018 · Google+1 · Android Webview+1

Published: 2020-09-08 · Updated: 2023-12-31 · CVE-2020-16873

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft Xamarin.Forms versions prior to 83.0.4103.106
Description: A spoofing issue exists due to the default settings on Android WebView, allowing an attacker to execute arbitrary JavaScript code on a target system. The attack requires the targeted user to browse to a malicious website or a website serving malicious code through Xamarin.Forms. The security update prevents malicious JavaScript from running in the WebView.
Recommendations: For versions prior to 83.0.4103.106, update to version 83.0.4103.106 or later to address the spoofing vulnerability. As a temporary workaround, consider restricting access to the WebView component to minimize the risk of exploitation. Avoid using the Xamarin.Forms component to browse to untrusted websites until the issue is resolved.

Fix

Spoofing

Weakness Enumeration

UI Misrepresentation of Critical Information

Related Identifiers

BDU:2020-04418
CVE-2020-16873

Affected Products

Android Webview
Xamarin.Forms