The discovery of a risky Chrome exploit that has the ability of destroying even a new updated Android device has been done by one researcher at Quihoo 360 after a three-month research. This exploit can be encountered upon visiting an infected site.

This vulnerability, which was demonstrated at the MobilePwn2Own event for Pacsec, is particularly interesting in that it is not a string of exploits that link together to reach a troublesome knot as commonly known. This is just a single exploit. Although the details of the exploit were not revealed conclusively, what is clear is that this exploit manipulates a vulnerability that is in JavaScript v8.

Guang Gong, the researcher who unveiled this vulnerability, will be receiving a reward from PacSec for the discovery and release of this exploit. Guang Gong will be flown by PacSec to the security conference at CanSecWest for a ski trip scheduled for March 2016. On top of this, Google is also expected to chip in some contribution for discovery of the bug as a security representative from Google at the event took the work of Guang back for some consideration.

QUICK NOTE: Free firmware downloads are made possible thanks in part to OVH Hosting & Dedicated Servers – Updato's #1 choice for hosting and storage solutions! Show your support and check 'em out.

The vulnerability took Guang Gong a period of three months to develop and fully flesh it out. When he demonstrated it, the method was indeed swift and efficient, opening the eyes of many to the fact that this is a scary exploit indeed, with the ease at which it takes to set its claws in a device.

Guang demonstrated the exploit by using a Nexus 6 to download a BMX game for bikes using an unremarkable web address that was tied up with the miscreant script.

Dragos Ruiu, the organizer for PacSec said that this vulnerability has the ability to work on any given Android device because it affects the Javascript engine. After the exploit was revealed, a German team took to the task of testing it on a Samsung device, after which the report came out positive. This may or may not have been anticipated but whichever the case, this is pretty perturbing especially when one thinks of the many vulnerabilities that Android devices have become exposed to of late.

No report has been given yet on what measures are being undertaken to deal with this bug but we can still wait and hope that Google will come up with something after the representative at the conference seemed intrigued by this new discovery.

Even as we wait for this exploit to get tackled, one may question as to why Android devices have become so exposed to a string of vulnerabilities as seen of late such as Stagefright, Shuanet, Ghostpush and Kemoge among a string of many others. As earlier quoted, when the question of Google’s own smartphone was on the platform, it seems that some laxity has been creeping into the world of OEMs especially with regards to security updates and other support features. Probably that’s the whole essence of why Google is opting to go Apple’s style by setting the pace for others to follow so that some sobriety can be restored in this whole affair.

View Comments


unlock your phone

Easily and safely unlock your phone for any network provider in just minutes.

Get Started

LATEST FROM YOUTUBE:

What's my model number?

There are several ways to locate your model number:

Option 1
On your device, go to Settings, then "About device" and scroll down to "Model number"
Option 2
Often times you can view the model number inside the device, by removing the battery
Option 3
Using Samsung's model/serial number location tool

Looks like you're using an ad blocker.

We get it: ads aren't what you're here for...

But ad revenue is our only way to manage this site. Without ad revenue we won't be able to continue to provide quality content and free firmware downloads.

Please disable your ad blocker or whitelist Updato.com in order to continue into Updato's ad-light experience.

Thanks for your support!