Chrome for Android exploit lets hackers easily take over Android smartphones


A recently discovered Chrome for Android exploit reportedly compromises the security of almost any Android device running with Google’s Chrome web browser installed on it.

The hack gives users full administrative access to the victim’s phone.

“As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone,” said PacSet organizer Ragos Ruiu in a statement to Vulture South.

“The impressive thing about Guang’s exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction,” continued Ruiu.

Researchers from Guan Gong released information about the exploit at PSN 2 OWN PacSec’s conference in Tokyo yesterday. While the group didn’t reveal the hacks specific inner workings, it seems to take advantage of JavaScript v8 in order to get full administrative access of an Android smartphone.

Google has reportedly been alerted to the bug and is in the process of working on a fix. It’s likely Google will pay a significant bounty for the vulnerability’s discovery given its severity.

Related reading: Firefox web browser finally launches on iOS 

[source]The Register[/source][via]Engadget[/via]