During the PacSec conference in Tokyo at the Pwn2Own contest, a security researcher named Guang Gong showed how, through a failure of Google Chrome, you can take full control of the operating system Android.
The biggest problem with this threat is that it is large enough to allow bad-intentioned people to invade a smartphone or tablet through access to a single malicious link.
Details of the flaw are not fully disclosed due to security concerns of Chrome users. However, Gong said that it takes advantage of the JavaScript engine 8v. If any user visits that malicious site, then with that malicious link, users will be exposed to hackers, and hackers will fully control the device.
Here is the big problem in making this news secret: hackers with bad intentions might start their work to exploit Chrome users, but soon after the vulnerability was discovered, the Google team product manager started the developer’s teamwork to solve the vulnerability.
Google Impressed From an Employee Who Discovered Vulnerability in a Chrome
During his demonstration, the researcher could break into a Nexus 6 Project Fi and install an application without direct interaction. As failure uses JavaScript as the basis, it could theoretically be adapted to work with any Android-based smartphone.
The control is limited to Chrome and the storage drives, the gallery, and the camera the hackers can use in this vulnerability.
As a reward for his discovery, Gong won a trip to the CanSecWest conference in 2016 and will likely get great prize money awarded by Google. A company member was in the presentation in which the failure was exposed and already hinted at the company, which is currently working on ways to correct it.
The attack will touch the nerve of JavaScript Engine v8; it is said that this vulnerability will not differ with the Android version users are using; all the versions of Android having Chrome with an inbuilt JavaScript v8 engine can eliminate the system from hackers’ hands.
As we have said that an employee got perfection with respect from the people who are known to him, Gong won a trip to the CanSecWest Security Conference, which will be held in 2016 also received a bounty, namely called bug Bounty from Google, the amount has not disclosed, as from this, after Google Chrome team heard about the vulnerability in Chrome in v8 JavaScript Engle, the team rush to the conference meeting where Gong showing that how this vulnerability works, and soon after that the team congratulates the Bug finder. They rush to Google headquarters to recover and fix the vulnerability as quickly as possible.
Now the vulnerability is solved by the team, and the Google Chrome team head implies thank you note to Gong.
