Researcher shows exploit Chrome for Android that would work on all devices

Spread the love

At the MobilePwn2Own security competition at the PacSec conference in Tokyo, a researcher showed an exploit for Chrome on Android. According to him, all Android devices are susceptible to this vulnerability, which uses the V8 javascript engine.

The Register reports that the exploit uses a single vulnerability, unlike many exploits that use multiple vulnerabilities. The researcher, Guang Gong, associated with the security company Qihoo 360, said it took three months to develop the exploit. He demonstrated the exploit on a Nexus 6.

Once the researcher visited a particular website, any application could be installed without any interaction with the user, the PacSec organizer told the Australian branch of The Register. In an update, the site says that according to the researcher, all Android versions with the latest version of Chrome are susceptible.

Details of the vulnerability in Google’s open source V8 engine have not been disclosed. However, a security researcher from Google who was present on site did receive details about the operation. It is unclear whether Guang Gong is eligible for a reward through any of Google’s reward programs.

You might also like