Chrome Exploit Allegedly Gives Root Access to Virtually Any Android Device

A critical vulnerability in Chrome for Android has been reported that makes it possible for attackers to take over a device. The vulnerability was demonstrated at the MobilePwn2Own, PacSec conference in Tokyo. The researcher believes that the vulnerability affects all versions of Android capable of running the latest version of Chrome.

Qihoo 360 researcher Guang Gong showcased the exploit. The vulnerability resides in JavaScript v8, Google's open source JavaScript engine. For the vulnerability to be exploited, users needs to be tricked to visit a malicious website using Chrome Web browser.

An attacker is then able to install an arbitrary application and gain the full privileges of the device. He noted that the attack was "one shot exploit," essentially meaning that just one vulnerability was enough to perform the attack. The exploit worked on many other devices as well, said Dragos Ruiu, the organiser of PacSec.

"The impressive thing about Guang's exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction," Ruiu toldVulture South.

"As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone."

Working details of the vulnerability haven't been disclosed, and Ruiu said that Google had been made aware of the vulnerability.

At the same event, two security researchers managed to trick the Samsung Galaxy S6, Galaxy S6 Edge, and the Galaxy Note 4 to connect to a compromised base station and had the calls and messages go through it. As a result of which, a victim's calls and messages could be intercepted.

Hi guys If u like this post please leave a comment in comment box... comment box will top right of every post and bottom of every post. its useful for me give a better information.. check top of the blog there is menu bar in that go to comments i replied for u r comments because there is no direct option for reply for u r comments. if u want to give any suggestion in bottom of blog there is contact information option please leave a msgs with u r mail id sure i will get u.