During PacSec conference in Tokyo at Pwn2Own contest, a security researcher named Guang Gong showed how, through a failure of Google Chrome, you can take full control of the Android operating system. The biggest problem of this threat is the fact that it is large enough to allow a bad intentioned people to invade a smartphone or tablet through access to a single malicious link.
Details of the flaw are not fully disclosed due to security concerns of chrome users. However, Gong said that it takes advantage of JavaScript engine 8v and if any user’s visit to that malicious site then with that malicious link users will be exposed by hackers and device will be fully under controlled by hackers. The reason why the news remain secret is that hackers might start to exploit Chrome users, but soon after the vulnerability discovered the Google team product manager started the developers team on work to solve the vulnerability.
During his demonstration, the researcher was able to break into a Nexus 6 Project Fi and install an application without any kind of direct interaction. As failure uses JavaScript as the basis, it could theoretically be adapted to work with any Android-based smartphone. The control is not only limit with Chrome but also with the storage drives, the gallery and the camera, the hackers can use in this vulnerability.
As a reward for his discovery, Gong won a trip to the CanSecWest conference in 2016 and will likely get a generous prize money awarded by Google. A member of the company was in the presentation in which the failure was exposed and already hinted the company, which is currently working on ways to correct it. Basically, the attack will touch the nerve of JavaScript Engine v8, it is said that this vulnerability will not differ with the Android version users using, all the version of Android having Chrome with an inbuilt JavaScript v8 engine can eliminate the system to hackers hand.
As we have said that an employee got a perfection with respect from the people who known to him, Gong have won a trip to the CanSecWest Security Conference which will be held on 2016 also received bounty which namely calling as bug Bounty from Google, the amount which is not disclosed, after Google Chrome team heard about the vulnerability in Chrome in v8 JavaScript Engle, the team rush to the conference meeting where Gong showing that how this vulnerability works, and soon after that the team congratulate the Bug finder and they rush to the Google Headquarter to recover and fix the vulnerability as quick as possible.
Now the vulnerability is solved by the team and the Google Chrome team head implies thank you note to Gong.
Like us on Facebook and subscribe with your email to receive all our latest updates via your inbox!
0 comments :
Post a Comment