A security researcher, speaking at the PacSec conference in Tokyo, has revealed his discovery of a critical exploit in the latest version of Chrome for Android that could allow an attacker to gain total control of a user’s device. Even the latest phones running the most up-to-date version of Android can fall victim to the hack, which is carried out when a user visits a website that has a line of malicious code.
During a demonstration to show how complete control over Android was achieved, a third-party app was downloaded to the device, all without any user interaction. In this case the app was just a game, but in the real world attackers could install far more malicious software.
PacSec organizer Dragos Ruiu commented that what makes this exploit impressive is the fact that it can be executed in “one shot,” as opposed to an attack that makes use of several vulnerabilities to gain access. Fortunately this Chrome exploit isn’t out in the wild yet, and now that Google knows about it, a patch should be on the way.
Source: The Register