A critical vulnerability in Chrome for Android apparently
exploited and displayed in a quite popular hacking contest is now being known to
empower anybody with specialized technical expertise to remotely take control
for all intents and purposes any Android-based device.
Found by PacSec speaker Guang Gong from Qihoo 360 at Pwn2Own
the vulnerability in Google's JavaScript v8 is said to purportedly influence
all renditions of Android running the latest version of Chrome.
What makes this specific vulnerability stand out amongst the
remaining of the already established hazardous and risky ones is that being a
'one shot exploit', just one is sufficient to remotely hack the device.
At first, the user is tricked into visiting a vindictive
website on Chrome and once there, an attacker effectively installs an arbitrary
application into the device thusly gaining full privileges.
"As soon as the phone accessed the website the
JavaScript v8 vulnerability in Chrome was used to install an arbitrary
application (in this case a BMX Bike game) without any user interaction to
demonstrate complete control of the phone," it was reported.
Despite the fact that android fixed 33 vulnerabilities, in
which, 9 vulnerabilities were categorized under critical severity and rest of
the 24 were fixed under "high" severity.
Until now no more insights regarding the exploits have been
unveiled. Google, on the other hand has purportedly been made mindful of the
Chrome vulnerability, regardless of whether it has been fixed is yet to be
affirmed.
