A critical vulnerability in Chrome for Android has been reported that makes it possible for attackers to take over a device without notice. The vulnerability was demonstrated and tackled at the MobilePwn2Own, PacSec conference in Tokyo where the researcher believes that the vulnerability affects no exceptions, all versions of Android capable of running the latest version of Chrome.
Once the user goes to that page on the browser, the attacker then be able to install an arbitrary application and gain the full privileges of the device. The researcher noted that the attack was “one shot exploit,” which essentially means that it takes just one vulnerability and is enough to perform the attack. The exploit worked on many other Android devices as well
What’s impressive thing about Guang’s exploit is that it was just one shot; most people these days have to do exploit several vulnerabilities before it gets the privileged access and load software without interaction.
Working details of the vulnerability haven’t been disclosed yet and it is said that Google had been made aware of the vulnerability and started something to counterpart the issue.
At the same event at the demo, the two security researchers managed to trick the non-rooted Samsung Galaxy S6, Galaxy S6 Edge, and the Galaxy Note 4 to connect to a compromised malicious base station and had the calls and messages go through it and as a result of which, a victim’s calls and messages could be intercepted.
As for the rooted Android devices, vulnerabilities come just easily and without interaction. With rooted devices, viruses, malware, adware and other vulnerabilities are so much welcome, thus putting your Android device and your self at greater risk of insecurity and dangers.