Newly Detected Chrome Exploit Puts Every Android Users at Risk


Engadget reports that each version of Android with the latest Chrome are pretty compromised. During the panel PSN2OWN PacSec conference in Tokyo last November 11, Guang Gong, a researcher Quihoo 360, demonstrated the operation of the exploit. The details have not been fully disclosed, but in essence the exploit uses JavaScript v8 to give the attacker full administrative access to the device in one shot.

New Chrome Exploit Puts Android Users in truoble
The organizer of PacSec Dragos Ruiu explained to Vulture South, “The impressive thing is that the exploit Guang works in one shot: most people these days have to exploit several vulnerabilities to gain privileged access to software without interaction”.

“As soon as your phone has access to the vulnerabilities site in Chrome JavaScript V8 is used to install an arbitrary application (in this case a game of BMX bikes) without any interaction from the user to gain control of the telephone,” he further said Dragos Ruiu.

PC Mag noted that from the time when Google was notified of the bug during the conference, some corrections are probably coming in and those who would take advantage of this exploit will not be able to do so. And since Guang Gong has not fully disclosed the details to the public, it may be qualified to receive an award under the program bug bounty Google , which pays rewards of up to $ 15,000 for those shows or solves problems of Chrome.

Last month were found two new vulnerabilities Stagefright , putting billions of users with devices running on Android versions also dating back to the distant 2008 at risk. Stagefright 2.0 can affect devices running versions of Android Lollipop (5.0 to 5.1.1) through remote code execution, Zimperium said in a report, and can be exploited via a web browser. Zimperium informed Google of these defects on August 15 and October 5, and Google has released new patches promptly.

Leave a Reply

Your email address will not be published. Required fields are marked *