New Android Phones Hijackable With Chrome Exploit (theregister.co.uk)
mask.of.sanity writes: Google's Chrome for Android has been popped with a single exploit that could lead to the compromise of any handset. The exploit, showcased at MobilePwn2Own at the PacSec conference, targets the JavaScript v8 engine and compromises phones when users visit a malicious website. It is also notable in that it is a single clean exploit that does not require chained vulnerabilities to work.
From TFA: "PacSec Google's Chrome for Android has been popped in a single exploit that could lead to the compromise of any handset.
The exploit, showcased at MobilePwn2Own at the PacSec conference in Tokyo yesterday but not disclosed in full detail, targets the JavaScript v8 engine. It can probably hose all modern and updated Android phones if users visit a malicious website"
Chance favors the prepared mind.
Perfect is the enemy of good.
Since Google can update Chrome for Android without requiring the OEMs and the carriers, it's not as bad as most Android security vulnerabilities.
I have a hard time believing that. On Android, V8 and the rest of the layout engine run in a restricted sandbox service that has no permissions to install apps.
In addition to exploiting V8 they must be using a separate privilege escalation in the Android userspace or Linux kernel to install the APK, especially if there is no interaction needed like accepting the standard install dialog.
I'm sure curious to hear the real story when Google releases a fix.
/greger