Newly Discovered Chrome Exploit Puts Every Android User At Risk

Uzair Ghani
Posted 11 months ago

The world of Android security is very, very fragile, as we tend to come across security-related loopholes on an almost weekly basis. Today, a new Chrome-based vulnerability has been discovered that allows an attacker to take complete control over an Android device, and the worrying part is that every Android user is currently affected, as the exploit remains unpatched.

The new exploit, revealed at the MobilePwn2Own panel at the PacSec conference, allows a potential attacker to use a Chrome link to covertly divert a user to a malicious website. From there, the attacker can take complete control of the device and install any app of their choice.

The exploit was revealed and demonstrated by Guang Gong, a Chinese security researcher. During his presentation, he showed how a Nexus 6 can be completely hijacked and taken over. Gong also revealed that the attacker can use the V8 JavaScript engine to take over the device, which means that any Android device running the latest version of Chrome is currently affected.

Luckily, the specifics of the exploit haven’t been revealed, so that ill-intentioned individuals do not make use of this massive loophole. Given that the exploit hasn’t been used by anyone in the wild, it’s highly likely that Google will patch it swiftly, so expect a Chrome update to hit your device in a short while. Also, a Google representative was present at the security conference, so you can expect things to take off in a positive light.



Despite Google working round the clock to ensure that its mobile OS stays as secure as possible, it’s alarming to see that such exploits still exist in the wild. But it’s heartwarming on the other hand to note that the exploit didn’t fall into the wrong hands before it was showcased to the general public, which means that Google has ample time to patch it up.

We highly recommend that users install apps and games from official sources rather than third-party, unmonitored outlets. Furthermore, make sure that your device is set to not install apps from third-party sources. Simply navigate to Settings > Security and uncheck the ‘Unknown sources’ box to disallow installation of apps and games from third-party sources apart from the Play Store.

A little protection can go a long way in protecting your personal data.

