Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome V8 JavaScript Exploit Leaves All Android Devices Ripe For Attack (hothardware.com)

Posted by timothy on from the trouble-in-your-pocket dept.

MojoKid writes: If you're an Android user that makes heavy use of Google's Chrome web browser (and what Android user doesn't?), you'll want to pay close attention to a new exploit that has the capability of taking your smartphone hostage. The exploit was demonstrated at MobilePwn2Own, which was held at a Tokyo-based PacSec conference. Quihoo 360 security researcher Guang Gong first uncovered the vulnerability, and thankfully, he hasn't publicly revealed detailed specifics on its inner workings. As soon as a phone accessed the website, the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a game) without any user interaction, to demonstrate complete control of the phone. Google reportedly has been made well aware of the exploit and will likely act quickly to resolve it.

3 of 107 comments (clear)

  1. repost by wbr1 · · Score: 4, Informative

    http://slashdot.org/story/15/1...

    --
    Silence is a state of mime.
  2. Re: node.js? by Guy+Harris · · Score: 2, Informative

    node and chrome have nothing to do with each other besides sharing the JS engine.

    node.js uses a JavaScript engine, as it's written in JavaScript. Chrome is a browser that has a JavaScript engine. So they share even less than that.

    So the question is "does running node.js on V8 render it vulnerable?"

  3. in other words, no fix by frovingslosh · · Score: 3, Informative

    Google reportedly has been made well aware of the exploit and will likely act quickly to resolve it.

    Given the way that Google updates don'r get out to Android users, we can expect Google's resolution to eventually reach 0% of the current users.

    --
    I'm an American. I love this country and the freedoms that we used to have.