Chrome Hole Affects Android Devices
Monday, November 16, 2015 @ 04:11 PM gHale
There is an exploit in Google’s Chrome for Android that could lead to the compromise of any device.
The researchers did say, however, the hole probably affects all Android phones if users visit a malicious website.
It is a single clean exploit that does not require multiple chained vulnerabilities to work, the researchers said.
Quihoo 360 Researcher, Guang Gong, showcased the exploit which he developed over three months.
The researcher demonstrated the exploit on a new Google Project Fi Nexus 6.
A Google security engineer on site received the bug.
A second team from Germany also appears to have popped a modern Samsung phone, with a demonstration delayed until today due to a delayed flight.
Gong will now go to the CanSecWest security conference in March next year.
Last year hackers exposed vulnerabilities in popular phones for shares in $425,000 in cash rewards, but security sponsors Google and Hewlett Packard’s Zero Day Initiative pulled out.
HP says it did not sponsor the competition thanks to the complexities of the Wassenaar Arrangement and the $300 million acquisition of Tipping Point and the Zero Day Initiative by Trend Micro.
Due to the complexity of obtaining real-time import and export licenses in countries that participate in the Wassenaar Arrangement, the ZDI notified conference organizer, Dragos Ruiu, it would not be holding the Pwn2Own contest at PacSecWest, a spokesperson said.