Analecta Cyber Company Blog: Android devices vulnerable to new Chrome browser zero-day

2015-11-24

Android devices vulnerable to new Chrome browser zero-day

Hackers have identified a new zero-day vulnerability in the fully updated Google Chrome web browser for Android phones. The vulnerability lies in the Javascript engine used in Chrome. It allows a hacker to gain full administrative access on an Android-based device. A researcher at Guang Gong discovered the security hole, which affects all versions of the Android OS.



Various methods are used to force victims to visit a website that contains the malicious code. Once the dangerous website has been accessed, the browser automatically runs the malicious Javascript. It can then further install malicious software on the device without any user activity.

Fix in the works

The technical details of this exploit have not been publicly released, but the researcher has notified Google, which is expected to fix the bug in the near future.

Until the exploit has been fixed, it's important for Android users to be extra diligent and use safe Internet practices. They may want to consider using an alternative web browser on their Android devices.