Posted by Feng Ning via Fulldisclosure on Mar 12
Subject: Alipay DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 17 Vulns, 6 CVEs (CVSS 9.3)
# Alipay DeepLink + JSBridge Attack Chain
# Silent GPS Exfiltration via Crafted URL
## Overview
Researcher: Jiqiang Feng / Innora AI Security Research
Vendor: Ant Group (蚂蚁集团) / Alibaba Group
Product: Alipay (支付宝) v10.x (Android & iOS)
Users Affected: 1 billion+
CVEs: 6 submitted to MITRE CNA-LR (2026-03-12)
CVSS: 7.4–9.3…
– Read More – Full Disclosure
