New Chrome exploit threatens Android with complete control hack

A security researcher, speaking at the PacSec conference in Tokyo, has revealed his discovery of a critical exploit in the latest version of Chrome for Android that could allow an attacker to gain total control of a user's device. Even the latest phones running the most up-to-date version of Android can fall victim to the hack, which is carried out when a user visits a website that has a line of malicious code.

The Chrome vulnerability was discovered by Guang Gong of Chinese software company Quihoo 360, and fortunately someone from Google's security team was also at the conference to collect the information. The full details of the exploit weren't made public, for obvious reasons, but it was said to take advantage of JavaScript v8.

During a demonstration to show how complete control over Android was achieved, a third-party app was downloaded to the device, all without any user interaction. In this case the app was just a game, but in the real world attackers could install far more malicious software.

PacSec organizer Dragos Ruiu commented that what makes this exploit impressive is the fact that it can be executed in "one shot," as opposed to an attack that makes use of several vulnerabilities to gain access. Fortunately this Chrome exploit isn't out in the wild yet, and now that Google knows about it, a patch should be on the way.

SOURCE The Register