Latest scary Android vulnerability can compromise any handset through Chrome

Is 2015 destined to go down in history as the year we all started developing a healthy sense of fear about the state of smartphone security? Exploits like Stagefright have exposed an unprecedented number of handsets to possible attack, and every time the powers that be patch one vulnerability, it feels like we’re hearing about a new one popping up. The latest to come to our attention threatens to compromise any Android device running recent versions of Chrome, gaining full control of the platform when the user visits a malicious website.

The attack was demonstrated earlier this week at the PacSec conference in Japan, where Quihoo 360 researcher Guang Gong demonstrated the attack against Google’s mobile Chrome browser. A vulnerability in the app’s JavaScript V8 engine allows attackers to do largely whatever they’d like to a victim’s phone – the demo showed how apps could be silently installed, but that’s just one way a hacker might seek to take advantage of the bug.

With Chrome so pervasive on Android phones and tablets, this means that a huge percentage of the current Android user base is potentially exposed.

The good news is that as an app-based vulnerability and not one baked into the system like Stagefright, this one will hopefully be a lot easier to patch – and get that patch out to users everywhere. There’s also the critical detail that the full specifics of this exploit haven’t yet been publicly revealed, so it may well be patched before malware authors ever have the chance to take advantage of it.

Source: The Register
Via: Android and Me

Share This Post

Watch the Latest Pocketnow Videos

About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits Read more about Stephen Schenck!