Latest Google Android phones hacked with tidy one-stop-ChromeWeb-Browser-pop


Well-Known Member
Staff member
Full GL Member
Mature Board Viewing
Unlock full profile styling
PacSec Google's Chrome for Android has been popped in a single exploit that could lead to the compromise of any handset.

The exploit, showcased at MobilePwn2Own at the PacSec conference in Tokyo yesterday but not disclosed in full detail, targets the JavaScript v8 engine. It can probably hose all modern and updated Android phones if users visit a malicious website.

It is also notable in that it is a single clean exploit that does not require multiple chained vulnerabilities to work, the researchers say.

Quihoo 360 researcher Guang Gong showcased the exploit which he developed over three months.

PacSec organiser Dragos Ruiu told Vulture South the exploit was demonstrated on a new Google Project Fi Nexus 6.

"The impressive thing about Guang's exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction, " Ruiu says.

Read More

I wonder if this security problem also affect other Android browsers which use Chromium which is the free open source version of Chrome.

I guest, it is better to use Firefox for Android now since it uses the Firefox web browser engine.
At least, these bugs get found by Computer Security Researchers, and news coverage from the mainstream tech news sites, so people know that Google Chrome is not safe to use on Android until this security bug is fixed.

I think the main reason Chrome, and Android have more known security problems because there are a lot of Security Researchers who spend a lot of time looking for security bugs.