New Exploit In Chrome For Android App Discovered

Android / Mobile / Tech

A new exploit in the Chrome for Android app is a threat to Android phones everywhere even those running Google’s latest Marshmallow update. The exploit gives a hacker complete control of the target phone and in a “one shot” deployment, meaning there aren’t levels of security to break through. The exploit is thought to be an issue with Javascript v8, once exploited and control is taken, the hacker could get all information on the device.

“As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone. The vuln being in recent version of Chrome should work on all Android phones; we were checking his exploit specifically but you could recode it for any Android target since he was hitting the JavaScript engine”-Dragos Ruiu, PacSec organizer

Developer Guang Gong took three months to develop this exploit and we’re assuming he’s already notified Google of the exploit before going public with it. This should mean Google either is working on the fix or is preparing to push the fix to the Chrome app in the Google Play Store. Unlike Android system fixes which generally take longer to hit non-Nexus phones, if the issue is addressed within the Chrome app itself it will be fixed on more Android devices quicker.

What do you think of this latest Android exploit? Let us know in the comments below or on Google+, Facebook and Twitter.

  Source: Phone Arena
To Top