1Likes
-
1
Post By Tor
-
Guide Guru & Forum Administrator
Security Vulnerability In Chrome For Android Discovered
UberGizmo: Security Vulnerability In Chrome For Android Discovered
As much as developers try to make their apps as secure as possible, from time to time there will be flaws discovered. Sometimes these flaws aren’t particularly serious, but sometimes they can be pretty bad. Recently during the PacSec conference in Tokyo, Qihoo 360 developer Guang Gong discovered a particularly nasty vulnerability in Chrome for Android.
Gong reportedly worked the exploit for about 3 months and basically what happened is that the vulnerability targets the app’s JavaScript engine. From there, all the hacker would need to do is direct the user to a website that can exploit the vulnerability and the JavaScript hack will do the rest of the work.
This includes the ability to install apps onto the user’s phone completely without their knowledge. Gong demonstrated the vulnerability to a Google representative who saw it in action. Thanks to his discovery, Gong has since been rewarded with a trip to Vancouver for the CanSecWest Applied Security Conference and where he will also be able to enjoy a ski trip.
As for the vulnerability itself, it is contained only to the app, so for those worried about it being a bigger and system-wide issue like Stagefright, you can rest assured that it’s not. Details of how to work the exploit were naturally unpublished so there is a good chance that it might not even be in the wild yet, so hopefully Google will push out an update soon before someone else figures it out.
Source: Security Vulnerability In Chrome For Android Discovered | Ubergizmo
-
Super Moderator & Spaminator
I've been wondering about this - does it only affect the Android browser app actually known as 'Chrome', or also the 'Android' (standard) browser? Because the latter identifies as Chrome when visiting some sites. I could update the "Chrome" app, but I don't really use that browser - it's big and bloated, and wants to be active at all times. The built-in browser is the one I use all the time, but that one can't be updated..
-Tor
-
Chief Customizer & Super Moderator
-
Super Moderator & Spaminator
Nope, that just takes you to a download page for desktop Chrome (listing Debian/Ubuntu/Fedora etc), or 'other platform' where you find iOS and Android. The Android link takes you to Chrome on Play, which is that bloated, different browser I mentioned, and not the stock Android browser.
-
Guide Guru & Forum Administrator
Didn't Google start shipping native Android with Chrome as the browser rather than the original Android version quite a few iterations ago? They have probably not touched the "native" browser since then.
-
Super Moderator & Spaminator
That is possible - I wouldn't know, as Android for the TF700T is at 4.x.. unlike desktop operating systems, mobile users are very quickly abandoned by vendors w.r.t. security updates (or any updates). But it is a bit surprising that Google wouldn't update the stock browser which has been in use for so many Android iterations (as in this case they could, as it's just an app and not vendor-modified firmware). Or at least it would be nice to know if this browser's javascript implementation is affected by this security issue. (On the other hand I wouldn't be happy as an Android user if indeed the Chrome browser is now default. It's not a nice browser for Android. Works well on the desktop - I'm using it now - but I definitely don't like it on Android).
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Similar Threads
-
By WOLF424A in forum General Discussion
Replies: 7
Last Post: 08-08-2015, 04:20 PM
-
By janner43 in forum Asus Transformer News
Replies: 10
Last Post: 08-08-2013, 04:07 AM
-
By dgstorm in forum Asus Transformer News
Replies: 0
Last Post: 07-09-2013, 09:46 AM
-
By Setherson in forum Asus Transformer (TF101) General Discussions
Replies: 3
Last Post: 03-20-2012, 06:20 AM
-
By neil7908 in forum Asus Transformer (TF101) General Discussions
Replies: 2
Last Post: 12-05-2011, 12:50 PM
Powered by
vBulletin® Version 4.2.3
Copyright © 2022 vBulletin Solutions, Inc. All rights reserved.
Search Engine Optimization by
vBSEO 3.6.1
All times are GMT -6. The time now is 01:45 PM.