The discovery of a risky Chrome exploit that has the ability of destroying even a new updated Android device has been done by one researcher at Quihoo 360 after a three-month research. This exploit can be encountered upon visiting an infected site.
Guang Gong, the researcher who unveiled this vulnerability, will be receiving a reward from PacSec for the discovery and release of this exploit. Guang Gong will be flown by PacSec to the security conference at CanSecWest for a ski trip scheduled for March 2016. On top of this, Google is also expected to chip in some contribution for discovery of the bug as a security representative from Google at the event took the work of Guang back for some consideration.
The vulnerability took Guang Gong a period of three months to develop and fully flesh it out. When he demonstrated it, the method was indeed swift and efficient, opening the eyes of many to the fact that this is a scary exploit indeed, with the ease at which it takes to set its claws in a device.
Guang demonstrated the exploit by using a Nexus 6 to download a BMX game for bikes using an unremarkable web address that was tied up with the miscreant script.
No report has been given yet on what measures are being undertaken to deal with this bug but we can still wait and hope that Google will come up with something after the representative at the conference seemed intrigued by this new discovery.
Even as we wait for this exploit to get tackled, one may question as to why Android devices have become so exposed to a string of vulnerabilities as seen of late such as Stagefright, Shuanet, Ghostpush and Kemoge among a string of many others. As earlier quoted, when the question of Google’s own smartphone was on the platform, it seems that some laxity has been creeping into the world of OEMs especially with regards to security updates and other support features. Probably that’s the whole essence of why Google is opting to go Apple’s style by setting the pace for others to follow so that some sobriety can be restored in this whole affair.
LATEST FROM YOUTUBE: