Researcher discovers a hidden vulnerability in the latest version of Chrome for Android which can be easily exploited by anybody
A security researcher has discovered a critical exploit in Chrome for Android which is capable of compromising virtually every version of Android smartphone and tablets running the latest Android.
Guang Gong a security researcher from Quihoo 360 found the security vulnerability in Google’s Chrome browser for Android, which he recently presented during the MobilePwn2Own event at the PacSec security conference in Tokyo.
Gong demonstrated his PoC at PacSec where he used a regular Android smartphone to access a malicious link, which by leveraging the security exploit, installed another app on the phone, without any user interaction. Unlike similar Chrome exploits, the vulnerability discovered by Gong did not require chaining multiple bugs together to work or to gain root privileges.
According to Register, Google security team immediately contacted Gong after his demonstration and rumors have it that the Chrome team is already getting a fix ready. Gong may be eligible to receive an Android bug bounty reward for the vulnerability.