New Chrome browser vulnerability could let hackers take control of any Android phone with a link


Developers are always finding for ways to penetrate the defenses of mobile devices and their security gateways. #Android is often the preferred target, which has allowed #Google to make necessary changes to the system accordingly. Japan is hosting the MobilePwn2Own developer hackathon which encourages devs to break into browsers and mobile operating systems.

A security researcher named Guang Gong has now managed to uncover a Chrome browser exploit that could break into practically any Android device with the help of a simple link. He managed to break into a Nexus 6 running Google’s Project Fi network to demonstrate the vulnerability.

Gong said – “As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone.”

The vuln being in recent version of Chrome should work on all Android phones; we were checking his exploit specifically but you could recode it for any Android target since he was hitting the JavaScript engine.”

This is a major find by Gong and has fetched him a trip to the CanSecWest conference in 2016. It is hoped that Google will take note of this issue and fix it accordingly.

Via: The Register