Chrome is the web browser at the center of Google’s empire – both on desktops as well as mobile devices. In addition to being just a standalone app (which may or may not be preloaded on your smartphone), the Chrome engine also drives the component that displays web content inside apps. As you might expect, a vulnerability in that engine could cause significant problems for the device running it. Such is the case with a particularly troublesome Android Google Chrome exploit.
Gong showed this vulnerability to a Google representative who saw it in action. Thanks to his discovery, Google will be working on a patch which should be able to be deployed through the Play Store – and likely won’t require a system patch.
What should you do this Chrome exploit? Keep in mind that this exploit has not been released into the wild – and it’s developer has no intent to do so.
To help keep your device safe, make sure you’re running the latest system update. This might be easier said than done, but OEMs and carriers are getting better at making sure devices get patches. Failure to do so could make them liable for any known holes they knowingly didn’t update – but don’t depend on that.
Google is also pressuring OEMs to accept a monthly update schedule through which patches can be distributed – though not all OEMs are onboard with that plan.
Keep your apps up-to-date. To help circumvent the “patches” problems illustrated above, many OEMs have started distributing their apps through the Play Store. This delivery mechanism sidesteps carriers (which are often the source of delays) and helps “fixes” to arrive on your phones and tablets much quicker than they would via an OTA update. Check the Play Store often and make sure you’ve updated everything you have installed. Eventually this is where the patch for Chrome will come from.
Lastly, avoid visiting “questionable” or “suspect” websites. Most of the time “legitimate” sites aren’t going to carry malicious payloads. It’s not a guarantee, but it will reduce your risk.