Android Google Chrome Exploit

Chrome is the web browser at the center of Google’s empire, both on desktops and on mobile devices. In addition to being a standalone app (which may or may not be preloaded on your smartphone), the Chrome engine also drives the component that displays web content inside apps. As you might expect, a vulnerability in that engine could cause significant problems for the device running it. Such is the case with a particularly troublesome Android Google Chrome exploit.

During the recent PacSec conference in Tokyo, Qihoo 360 developer Guang Gong showed off a vulnerability in Chrome’s V8 JavaScript engine. When a user is directed to a specific webpage, malicious JavaScript is executed; in this demonstration it was used to install a game on the targeted device. Thankfully, Guang Gong is what we’d call a “white hat” hacker, so nothing malicious was done. However, his three months of research into the vulnerability demonstrated that, should the technique make it into the wrong hands, malicious code could be automatically installed on Android-powered devices through the Chrome browser without any user interaction at all.

Gong showed this vulnerability to a Google representative who saw it in action. Thanks to his discovery, Google will be working on a patch that should be deployable through the Play Store and likely won’t require a system patch.

What should you do about this Chrome exploit? Keep in mind that this exploit has not been released into the wild, and its developer has no intent to do so.

To help keep your device safe, make sure you’re running the latest system update. This might be easier said than done, but OEMs and carriers are getting better at making sure devices get patches. Failure to do so could make them liable for any known holes they knowingly left unpatched, but don’t depend on that.

Google is also pressuring OEMs to accept a monthly update schedule through which patches can be distributed – though not all OEMs are onboard with that plan.

Keep your apps up-to-date. To help circumvent the “patches” problems illustrated above, many OEMs have started distributing their apps through the Play Store. This delivery mechanism sidesteps carriers (which are often the source of delays) and helps “fixes” to arrive on your phones and tablets much quicker than they would via an OTA update. Check the Play Store often and make sure you’ve updated everything you have installed. Eventually this is where the patch for Chrome will come from.

Lastly, avoid visiting “questionable” or “suspect” websites. Most of the time “legitimate” sites aren’t going to carry malicious payloads. It’s not a guarantee, but it will reduce your risk.
