Results 1 to 6 of 6
Like Tree1Likes
  • 1 Post By Tor

Thread: Security Vulnerability In Chrome For Android Discovered

  1. #1
    Guide Guru & Forum Administrator
    Supporting Member

    Member #
    12453
    Join Date
    Oct 2011
    Location
    Devon, UK
    Tablet
    Other - Chromebook
    Posts
    14,013
    Liked
    2825 times

    Security Vulnerability In Chrome For Android Discovered

    UberGizmo: Security Vulnerability In Chrome For Android Discovered

    As much as developers try to make their apps as secure as possible, from time to time there will be flaws discovered. Sometimes these flaws arenít particularly serious, but sometimes they can be pretty bad. Recently during the PacSec conference in Tokyo, Qihoo 360 developer Guang Gong discovered a particularly nasty vulnerability in Chrome for Android.

    Gong reportedly worked the exploit for about 3 months and basically what happened is that the vulnerability targets the appís JavaScript engine. From there, all the hacker would need to do is direct the user to a website that can exploit the vulnerability and the JavaScript hack will do the rest of the work.

    This includes the ability to install apps onto the userís phone completely without their knowledge. Gong demonstrated the vulnerability to a Google representative who saw it in action. Thanks to his discovery, Gong has since been rewarded with a trip to Vancouver for the CanSecWest Applied Security Conference and where he will also be able to enjoy a ski trip.

    As for the vulnerability itself, it is contained only to the app, so for those worried about it being a bigger and system-wide issue like Stagefright, you can rest assured that itís not. Details of how to work the exploit were naturally unpublished so there is a good chance that it might not even be in the wild yet, so hopefully Google will push out an update soon before someone else figures it out.

    Source: Security Vulnerability In Chrome For Android Discovered | Ubergizmo

    PLEASE Search for existing threads before posting a new one. Thanks.

    Your opinion matters. But should you disagree - please try not to be disagreeable

    Forum guide - here ~~ T100 FAQs - here ~~ Cold boot - here

    Adobe Flash Player & Browser Guide here

    Master Help Guide - here ~~ FAQ malware - here ~~ FAQ e-reading - here
    Mobile OS devices personal pantheon...
    ANDROID: Doogee DG310; SGS; Huawei Y300; Motoroloa Xoom 2ME; Razr; Defy Mini; CnM Touchpad II;
    Asus TF101; Lenovo A1; Samsung Tab 2 7.0
    APPLE: iPhone 4s; iPhone 5c; iPhone 6; iPhone 7; iPad 3; iPad Mini 2; iPad Air 2 64gb
    CHROMEBOOK: HP 14-Q010sa Celeron 14 Inch 4GB 16GB Chromebook - White.

  2. #2
    Super Moderator & Spaminator
    Supporting Member

    Member #
    50369
    Join Date
    Dec 2012
    Location
    Europe and Japan
    Tablet
    TF700
    Posts
    792
    Liked
    248 times
    I've been wondering about this - does it only affect the Android browser app actually known as 'Chrome', or also the 'Android' (standard) browser? Because the latter identifies as Chrome when visiting some sites. I could update the "Chrome" app, but I don't really use that browser - it's big and bloated, and wants to be active at all times. The built-in browser is the one I use all the time, but that one can't be updated..

    -Tor

  3. #3
    Chief Customizer & Super Moderator
    Supporting Member

    Member #
    47492
    Join Date
    Oct 2012
    Tablet
    TF700
    Posts
    2,724
    Liked
    711 times
    I would bet the stock browser shares a lot with Chrome or is based off it.
    I just flashed a stock based rom from 2014 to the TF700 and I am using the stock browser. When I access the Google search page I get the notification below in the title bar. Not that I think this update addresses the Java vulnerability, but it looks as if you do get security updates that way. Maybe?
    Attached Images Attached Images

  4. #4
    Super Moderator & Spaminator
    Supporting Member

    Member #
    50369
    Join Date
    Dec 2012
    Location
    Europe and Japan
    Tablet
    TF700
    Posts
    792
    Liked
    248 times
    Nope, that just takes you to a download page for desktop Chrome (listing Debian/Ubuntu/Fedora etc), or 'other platform' where you find iOS and Android. The Android link takes you to Chrome on Play, which is that bloated, different browser I mentioned, and not the stock Android browser.

  5. #5
    Guide Guru & Forum Administrator
    Supporting Member

    Member #
    12453
    Join Date
    Oct 2011
    Location
    Devon, UK
    Tablet
    Other - Chromebook
    Posts
    14,013
    Liked
    2825 times
    Didn't Google start shipping native Android with Chrome as the browser rather than the original Android version quite a few iterations ago? They have probably not touched the "native" browser since then.

    PLEASE Search for existing threads before posting a new one. Thanks.

    Your opinion matters. But should you disagree - please try not to be disagreeable

    Forum guide - here ~~ T100 FAQs - here ~~ Cold boot - here

    Adobe Flash Player & Browser Guide here

    Master Help Guide - here ~~ FAQ malware - here ~~ FAQ e-reading - here
    Mobile OS devices personal pantheon...
    ANDROID: Doogee DG310; SGS; Huawei Y300; Motoroloa Xoom 2ME; Razr; Defy Mini; CnM Touchpad II;
    Asus TF101; Lenovo A1; Samsung Tab 2 7.0
    APPLE: iPhone 4s; iPhone 5c; iPhone 6; iPhone 7; iPad 3; iPad Mini 2; iPad Air 2 64gb
    CHROMEBOOK: HP 14-Q010sa Celeron 14 Inch 4GB 16GB Chromebook - White.

  6. #6
    Super Moderator & Spaminator
    Supporting Member

    Member #
    50369
    Join Date
    Dec 2012
    Location
    Europe and Japan
    Tablet
    TF700
    Posts
    792
    Liked
    248 times
    That is possible - I wouldn't know, as Android for the TF700T is at 4.x.. unlike desktop operating systems, mobile users are very quickly abandoned by vendors w.r.t. security updates (or any updates). But it is a bit surprising that Google wouldn't update the stock browser which has been in use for so many Android iterations (as in this case they could, as it's just an app and not vendor-modified firmware). Or at least it would be nice to know if this browser's javascript implementation is affected by this security issue. (On the other hand I wouldn't be happy as an Android user if indeed the Chrome browser is now default. It's not a nice browser for Android. Works well on the desktop - I'm using it now - but I definitely don't like it on Android).
    droidbound likes this.

 

 

Remove Ads

Sponsored Links

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Similar Threads

  1. Replies: 7
    Last Post: 08-08-2015, 05:20 PM
  2. Another security warning for Android powered devices
    By janner43 in forum Asus Transformer News
    Replies: 10
    Last Post: 08-08-2013, 05:07 AM
  3. Replies: 0
    Last Post: 07-09-2013, 10:46 AM
  4. Possible Security Problem Discovered?
    By Setherson in forum Asus Transformer (TF101) General Discussions
    Replies: 3
    Last Post: 03-20-2012, 07:20 AM
  5. Internet banking and General security on android
    By neil7908 in forum Asus Transformer (TF101) General Discussions
    Replies: 2
    Last Post: 12-05-2011, 01:50 PM
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
Search Engine Optimization by vBSEO 3.6.1
All times are GMT -6. The time now is 04:38 PM.