Hackers have discovered a critical exploit in Chrome
for Android reportedly capable of compromising
virtually every version of Android running the latest
Chrome. Quihoo 360 researcher Guang Gong
demonstrated the vulnerability to the PSN2OWN
panel at the PacSec conference in Tokyo yesterday.
While the inner workings of the exploit are still
largely under wraps, we do know that it leverages
JavaScript v8 to gain full administrative access to the
victim's phone.
"The impressive thing about Guang's exploit is that it
was one shot; most people these days have to exploit
several vulnerabilities to get privileged access and
load software without interaction," PacSec organiser
Dragos Ruiu told Vulture South. "As soon as the
phone accessed the website the JavaScript v8
vulnerability in Chrome was used to install an
arbitrary application (in this case a BMX Bike game)
without any user interaction to demonstratecomplete control of the phone." Unfortunately, real-
world applications would be far less benign. Google
has already been alerted to the bug and is expected
to pay out a sizeable bounty for the heads up
Story from Engadget.
No comments:
Post a Comment