This Chrome Vulnerability Lets Hackers Control Any Android Device
The vulnerability was exploited and demonstrated by PacSec speaker Guang Gong from Qihoo 360 at Pwn2Own, a popular hacking contest.
What adds to its severity is that it’s a one shot exploit, meaning just one vulnerability was enough to remotely hack the device. Essentially, a user needs to be tricked into visiting a malicious website on Chrome. Once there, an attacker can easily install an arbitrary application into the device and gain full privileges.
No more details about the exploit were disclosed. Google has reportedly been made aware of the Chrome vulnerability. Whether or not, it has been fixed is yet to be confirmed.
Earlier, Google’s Project Zero team found 11 security loopholes some of them of high-severity and easy to exploit in Samsung’s flagship Galaxy S6 Edge phone, another Android-based device.
The team was quick to point out that OEMs “introduce additional (and possibly vulnerable) code into Android devices at all privilege levels, and they decide the frequency of the security updates that they provide for their devices to carrier.”