This hack with Chrome for Android makes every phone vulnerable

Chinese researcher Guang Gong demonstrated a hack on the Android version of Chrome, during a PacSec conference  recently held in Tokyo. This hack targets only the JavaScript engine of the browser. With this, it can contaminate the whole device.

google-chrome

As showcased during the conference, when a user visits a malicious website with the malware. An app can be installed on your phone even without your knowledge. One can almost imagine how far this can be exploited.

“As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone.”

The Chinese researcher who discovered this was rewarded with a flight to the Vancouver CanSecWest security conference in March 2016, and also a ski trip. Thankfully this vulnerability can be patched with a single update to Google Chrome unlike Stagefright that required a full system update.

As always, we should be mindful if the sites we visit, especially those offering paid products for free.

Source

Loading...

2 Thoughts to “This hack with Chrome for Android makes every phone vulnerable”

  1. I still think phone security is overhyped. The average users care less about all these patches and loopholes.

    Only the techies get sleepless nights over this kinda thing

  2. Sigh… Leave my android alone

Leave a Comment