New Found Google Chrome Vulnerability Could Give Complete Access To Your Android Phone
Google Chrome is the most used browser across the Android phones throughout the world. However, a recently demonstrated experiment shows that it is the most easily exploitable browser on an Android device. The vulnerability was demonstrated at MobilePwn2Own, PacSec conference held in Tokyo where the researcher even claimed that it affects all Android devices which run the current version of Chrome.
Here is what Guang Gong from Qihoo 360, which is a Chinese security company, explained in the conference. Firstly, the user has to be tricked into visiting a malicious website, which is pretty easy, considering we all know how the pop ups appear out of nowhere when we click somewhere on a web page. After the user is directed to the malicious site, the vulnerability can then be exploited using JavaScript V8 which is Google’s JavaScript engine.
Through the V8 engine, the attackers can install an arbitrary app on your device. This app doesn’t require any permission to install and once it is installed, it allows the attacker a complete access on your device. Dragos Ruiu, the organizer of the conference said that the most impressive thing about the exposed vulnerability is that it is a ‘one-shot exploit’. What it means is that the phone becomes susceptible even if the user goes wrong just once unlike other vulnerabilities which requires the user to perform several steps before the attacker gets a complete access of the phone.
The exact back-end details of the threat haven’t been revealed but the event organizers assured that Google has been made aware about the threat. Let’s hope they take the appropriate action soon.
Via: #-Link-Snipped-#
Here is what Guang Gong from Qihoo 360, which is a Chinese security company, explained in the conference. Firstly, the user has to be tricked into visiting a malicious website, which is pretty easy, considering we all know how the pop ups appear out of nowhere when we click somewhere on a web page. After the user is directed to the malicious site, the vulnerability can then be exploited using JavaScript V8 which is Google’s JavaScript engine.
Through the V8 engine, the attackers can install an arbitrary app on your device. This app doesn’t require any permission to install and once it is installed, it allows the attacker a complete access on your device. Dragos Ruiu, the organizer of the conference said that the most impressive thing about the exposed vulnerability is that it is a ‘one-shot exploit’. What it means is that the phone becomes susceptible even if the user goes wrong just once unlike other vulnerabilities which requires the user to perform several steps before the attacker gets a complete access of the phone.
The exact back-end details of the threat haven’t been revealed but the event organizers assured that Google has been made aware about the threat. Let’s hope they take the appropriate action soon.
Via: #-Link-Snipped-#
Replies
You are reading an archived discussion.
Related Posts
Snapdeal has introduced 'Snap-lite', the mobile optimised version of snapdeal.com. The timing of the announcement is quite interesting as it comes just about four days after its rival Flipkart announced...
I had chosen Quora daily data analysis, it means I had the rough data (it is obtained by subtracting qids of 2 ques. of two days) of ques. per day....
1) what is css?
2) what do you understand by the term HIDS & NIDS?
By now, many of you have started receiving your CrazyEngineers PRO T-Shirts. We can't wait to see how it looks on you! 😀 Click a photo of yourself wearing the...
A team of researchers from MIT, Adobe Systems and Stanford University has developed a new system that reduces bandwidth consumption by server-based image processing by 98% and as much as...