Latest Chrome Exploit Puts Millions of Users at Risk

By | November 16, 2015 | 4 Comments


Latest Chrome Exploit Puts Millions of Users at RiskRecently, at the Tokyo PacSec conference, Chinese researched has discovered and successfully exploited Google’s Project Fi Nexus 6 device running the latest version of Android (6.0 Marshmallow). As a result, he was able to install fake app into the phone that could theoretically be used to take the device control away from the user. In a demo example, he installed a simple BMX bike game, just to show what’s possible.

As noted by the PacSec member, Dragos Ruiu, it was a “one-shot exploit” which “did everything in one go instead of chaining multiple vulnerabilities”.

How do you eliminate the risk? Get rid of Google Chrome, which has this JavaScript v8 flaw.

[Via: Securityaffairs]


About (Author Profile)


Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

Comments (4)

Trackback URL | Comments RSS Feed

  1. Šime Vidas says:

    Huh? Get rid of Chrome? As far as I know, Chrome cannot (or can no longer) be removed from Android.

  2. Toni Barrera says:

    Well, if an app can do this kind of damage, that’s definetely an Android bug, not Chrome… No app should be able to cause this

  3. Katsuki says:

    Based on source website:
    “The JavaScript v8 flaw allowed The researcher to install an arbitrary application (he installed a BMX Bike game) on the targeted smartphone without requiring any user interaction. The attacker just needs to trick victims into visiting a bogus website he set up to compromise the device.”

    “it exploits the flaw in the JavaScript engine in Chrome this mean it could potentially affect all Android versions with the latest version of the Google browser installed.”

Leave a Reply