critical vulerability Smp Blogs

This Chrome Vulnerability Lets Hackers Control Any Android Device

A critical vulnerability in Chrome for Android can allow anyone with technical know how to remotely take control of virtually any Android-based device. The vulnerability in Google’s JavaScript v8 reportedly affects all versions of Android running the latest version of Chrome.

The vulnerability was exploited and demonstrated by PacSec speaker Guang Gong from Qihoo 360 at Pwn2Own, a popular hacking contest.

What adds to its severity is that it’s a one shot exploit, meaning just one vulnerability was enough to remotely hack the device. Essentially, a user needs to be tricked into visiting a malicious website on Chrome. Once there, an attacker can easily install an arbitrary application into the device and gain full privileges.

“As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone,” it was reported .

No more details about the exploit were disclosed. Google has reportedly been made aware of the Chrome vulnerability. Whether or not, it has been fixed is yet to be confirmed.

Earlier, Google’s Project Zero team found 11 security loopholes  some of them of high-severity and easy to exploit in Samsung’s flagship Galaxy S6 Edge phone, another Android-based device.

The team was quick to point out that OEMs “introduce additional (and possibly vulnerable) code into Android devices at all privilege levels, and they decide the frequency of the security updates that they provide for their devices to carrier.”

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *