Android Google Chrome Exploit

Chrome is the web browser at the center of Google’s empire – both on desktops as well as mobile devices. In addition to being just a standalone app (which may or may not be preloaded on your smartphone), the Chrome engine also drives the component that displays web content inside apps. As you might expect, a vulnerability in that engine could cause significant problems for the device running it. Such is the case with a particularly troublesome Android Google Chrome exploit.

During the recent PacSec conference in Tokyo, Qihoo 360 developer Guang Gong showed off a vulnerability which takes advantage of Chrome’s V8 javascript engine. By directing a user to a specific webpage, the malicious javascript is executed which, in this example, was used to install a game to the targeted device. Thankfully, Guang Gong is what we’d call a “white hat” hacker, so nothing malicious was done. However, his three months of research into the vulnerability demonstrated the fact that, should the technique make it into the wrong hands, malicious code could be automatically installed on Android-powered devices through the Chrome browser without any user interaction at all.

Gong showed this vulnerability to a Google representative who saw it in action. Thanks to his discovery, Google will be working on a patch which should be able to be deployed through the Play Store – and likely won’t require a system patch.

Chrome Exploit

play-store-new-1

What should you do this Chrome exploit? Keep in mind that this exploit has not been released into the wild – and it’s developer has no intent to do so.

To help keep your device safe, make sure you’re running the latest system update. This might be easier said than done, but OEMs and carriers are getting better at making sure devices get patches. Failure to do so could make them liable for any known holes they knowingly didn’t update – but don’t depend on that.

Google is also pressuring OEMs to accept a monthly update schedule through which patches can be distributed – though not all OEMs are onboard with that plan.

Keep your apps up-to-date. To help circumvent the “patches” problems illustrated above, many OEMs have started distributing their apps through the Play Store. This delivery mechanism sidesteps carriers (which are often the source of delays) and helps “fixes” to arrive on your phones and tablets much quicker than they would via an OTA update. Check the Play Store often and make sure you’ve updated everything you have installed. Eventually this is where the patch for Chrome will come from.

Lastly, avoid visiting “questionable” or “suspect” websites. Most of the time “legitimate” sites aren’t going to carry malicious payloads. It’s not a guarantee, but it will reduce your risk.

You May Also Like
Microsoft is reportedly working on Surface Duo V2 already, and it makes sense
Is it going to be the all-powerful, truly functional foldable phone we’ve been waiting for?
Samsung Galaxy S20 Ultra
Samsung may not include an in-box charger with its future Galaxy phones
After Apple, it’s Samsung’s turn.
Say goodbye to June with amazing deals on the 10.2-inch iPad and more
Today’s deals come from Amazon and B&H, where we find Apple’s 10.2-inch iPad the Samsung Galaxy Note 10 Lite and more on sale