Recovery & Repair
Data Transfer
Converter
Recorder
News & Events

Any Android Device is Unavoidable for New Exploit from Chrome

By FonePaw | Nov 19 , 2015

"Google's Chrome for Android has been popped in a single exploit that could lead to the compromise of any handset."

 

This bug was discovered and issued by PacSec at MobilePwn2On conference in Tokyo. This exploit
is a single clean exploit that does not require multiple chained vulnerabilities to work, the researchers say, but they didn't disclose in full details of it, we only know that it also exists in JavaScript v8.

Google Chrome

 

The researcher showcased the exploit which he developed over three months. They also use Nexus 6 to browse the website, which includes malicious script to test this exploit.

 

"As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone."

 

"The vuln being in recent version of Chrome should work on all Android phones; we were checking his exploit specifically but you could recode it for any Android target since he was hitting the JavaScript engine," the researcher said.

 

Due to the complex exploit, Android users are supposed to enter the malicious websites optionally from Chrome.

guest
0 Comments
Inline Feedbacks
View all comments

Submit Guest Post to FonePaw

Share Your Masterpiece on FonePaw

0
Would love your thoughts, please comment.x
()
x