A security researcher revealed a new exploit that could allow someone to take control over someone else’s Android phone remotely with just one Chrome link.
Researcher Guang Gong showcased this nefarious plan at Mobilen2Own, part of Tokyo’s cSec conference. The full details weren’t revealed, in order to deter anyone with malicious intent from putting it into action.
Gong was able to take control of a oject Fi Nexus 6 by attacking a vaScript vulnerability in Chrome. Through the exploit, he installed an application granting total access to the phone without any user notification.
ckily, a member of ’s security team was at the event, so will soon be at work on a patch (along with offering a hefty reward bounty for Gong). As long as you avoid sketchy websites stick to the ay Store for downloads, you should be fine, but it’s always to good to keep an eye on the security lscape.
y this matters: The Stagefright vulnerability raised the issue of Android security to a higher level because of how easily someone could unknowingly infect their devices from an MMS message. In response, now sends out a monthly patch to Nexus devices, while other hardware makers have said they’re going to also step up their security game. It’s badly needed, as Android’s large marketshare dems a robust security structure update system.
