Chrome Web browser contains Javascript v8 engine vulnerability
While mobile operating systems provide enjoyment for smartphone and tablet users, the world of mobile is as dangerous as the world of PCs – and vulnerabilities, loopholes, and risks lurk around every webpage or website. In order to get to the bottom of these vulnerabilities and dangers, someone has to do the tough job of finding these weak points and exposing them in order to increase internet security worldwide.
Guang Gong, a Quihoo 360 security researcher, discovered a vulnerability in the Chrome web browser involving the Javascript v8 engine that allows a hacker to remotely take over and install all sorts of applications onto the device if the user taps a Chrome link containing malicious code. Gong demonstrated this on a Project Fi Motorola-Google Nexus 6 at the recent MobilePwn2Own event in Tokyo Japan (PacSec conference). The vulnerability can work on any Android handset and doesn’t need any other vulnerabilities in place in order to work: it’s a one-stop hacking shop.
Gong’s vulnerability was witnessed by a Google security team member and will likely make its way back to Google and remain a hot topic of discussion in the coming days and weeks. Another team, this time from Germany, was able to replicate the Javascript v8 engine vulnerability on a Samsung device running Android, validating the vulnerability across all Android handsets, not only Google’s Nexus devices.
The researcher was given a skiing vacation as a reward for finding this malicious exploit, but the good behind this is that Google has been alerted to the Javascript V8 loophole, and will fix it with a future security update on its Nexus devices and the Chrome web browser as a whole. Google has already agreed, in light of Stagefright, to issue security updates for its Nexus devices on a monthly basis. Android OEMs have agreed to release Stagefright updates for their respective Android handsets as well.
As always, you can’t go wrong with a good VPN service when it comes to protecting yourself, so don’t forget to check out some of our top VPN picks.