New Android Vulnerability Compromises Any Handset Through Chrome

[dgstorm]

While some of the Android vulnerabilities we have been hearing about lately were easily avoided, some are decidedly more menacing because they are easier to fall prey to. Today's reported Android security breach falls squarely in that last category. There is a new exploit that can compromise any Android smartphone through Chrome, just from visiting certain websites. This exploit allows an attacker to gain full control of the device. Here's a quote with more of the details,

The attack was demonstrated earlier this week at the PacSec conference in Japan, where Quihoo 360 researcher Guang Gong demonstrated the attack against Google’s mobile Chrome browser. A vulnerability in the app’s JavaScript V8 engine allows attackers to do largely whatever they’d like to a victim’s phone – the demo showed how apps could be silently installed, but that’s just one way a hacker might seek to take advantage of the bug.

With Chrome so pervasive on Android phones and tablets, this means that a huge percentage of the current Android user base is potentially exposed. ~ PocketNow

There is some bright news regarding this vulnerability. It looks like researchers may have found it so fast that the bad guys haven't even had a chance to develop and use it.

That's one of the best things about Android. It's community of developers rally together to constantly test the boundaries and limits of the technology. It's because of them that we frequently get fixes for problems before they ever become a problem. The word on the street is that a fix for this is in the works and should be coming soon.

 

[cynkrzy]

On the bright side it's an app, a Google app. It can be fixed and everyone can get the fix without having to wait on carriers, which we know means just about never!

 

[SquireSCA]

One does get tired of the constantly increasing barrage of nasty malware though...

 

[MissionImprobable]

Glad the fix is coming quickly. I never used chrome previously as it's laggy compared to Firefox on pc, and I'd usually sync between devices. Used it some recently, but one, it's not surprising that the exploit involves Java, and secondly, that's just part and parcel of using a popular OS, someone will always be looking for a way in.

 

[Mustang02]

Glad the fix is coming quickly. I never used chrome previously as it's laggy compared to Firefox on pc, and I'd usually sync between devices. Used it some recently, but one, it's not surprising that the exploit involves Java, and secondly, that's just part and parcel of using a popular OS, someone will always be looking for a way in.

The article doesn't mention a fix coming though.

 

[cynkrzy]

The article doesn't mention a fix coming though.

True - But Google has been fairly responsive to these threats. Can't imagine it will be too long

 

[desiwest]

True - But Google has been fairly responsive to these threats. Can't imagine it will be too long

Seeing as Google had Project Zero for specifically finding vulnerabilities and forcing companies to patch their software I'm sure they already started working on a fix as soon as it was discovered.

Sent from my D6708 using Tapatalk

 

[cr6]

One does get tired of the constantly increasing barrage of nasty malware though...

True, but then again it's no different from PC malware and viruses that we've had to protect ourselves from for decades before smartphones were everywhere.

S5 tap'n