One shot and you’re exploited! Another Android vulnerability uncovered.

It feels like it was only yesterday that I was writing a story about malware on Coolsmartphone [it was, ed]. A security researcher from Quihoo 360, unveiled an exploit at the PacSec conference in Tokyo by Guang Gong. However, most of the details have not been fully released to the public which tends to be a good thing. The exploit itself targets the JavaScript v8 engine. The worrying problem is that this affects pretty much every Android handset out there!

What we do know about this exploit, is that the vulnerability manipulates JavaScript v8 engine to gain full administrative access to the victim’s phone. The bug is part of Google’s Chrome which is part of every Chrome installation.

PacSec organiser Dragos Ruiu told Vulture South the exploit was demonstrated on a new Google Project Fi Nexus 6.

“The impressive thing about Guang’s exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction,” Ruiu says.

One shot and youre exploited! Another Android vulnerability uncovered.“As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone.”

“The vuln being in recent version of Chrome should work on all Android phones; we were checking his exploit specifically but you could recode it for any Android target since he was hitting the JavaScript engine”

According to The Register, the Google security team immediately contacted Gong after his demonstration, and rumour has it that the Chrome team is already getting a fix in place. Gong may be eligible to receive an Android bug bounty reward for the vulnerability.

The post One shot and you’re exploited! Another Android vulnerability uncovered. is original content from Coolsmartphone.


  • Google+
  • RSS Feed
  • Twitter
  • YouTube
  • Podcast
  • Computer scientist live-streams the websites he visits to explain new U.K. surveillance law

    Chrome Extension Internet Browsing Surveillance

    Legislation that would force Internet service providers to store more data about their customers’ browsing habits, as well as ban encrypted devices including the iPhone, is currently being discussed in the U.K. where the government is looking to expand its powers when it comes to surveillance programs. To show what kind of information the proposed Investigatory Powers Bill would offer secret agencies, one developer created a Chrome plugin that records all the sites you visit.

    Continue reading...

    How to auto-close browser tabs when tapping the back-to-app button [jailbreak]

    BrowserBreadcrumbCleanup 2

    BrowserBreadcrumbCleanup is an awkwardly named, but very useful jailbreak tweak that helps you keep your open Safari tabs to a minimum when using back-to-app breadcrumb links.

    Normally, when you tap the back-to-app breadcrumb link in the status bar, you’re shipped back to the original app, but the Safari tab stays opened. With BrowserBreadcrumbCleanup installed, Safari tabs are automatically closed when venturing back to the original app. Watch our video walkthrough for an explanation.... Read the rest of this post here

    "How to auto-close browser tabs when tapping the back-to-app button [jailbreak]" is an article by
    Make sure to follow us on Twitter, Facebook, and Google+.

    Android and Chrome OS may be combined as early as next year

    Google Holds Press Event Announcing New Products

    For years, people have wondered if Google would merge its Android and Chrome operating systems, and the company has steadfastly held to them important but distinct pieces of its strategy. That might be changing: The Wall Street Journal is reporting that Google has been working for two years to merge Chrome OS and Android. The results of that unified operating system is expected to be officially released to the public in 2017, but we may see an early version as soon as next year.

    Source: The Wall Street Journal

    Chrome for iPad now supports iOS 9’s multitasking features

    With iOS 9, Apple introduced a handful of new multitasking features for the iPad, like the ability to run two apps side by side. Now Google's Chrome browser is ready to take advantage of these, thanks to an refreshed version of its universal iOS application. Aside from being able to use the Split View mode mentioned earlier, Chrome on iPad also supports Slide Over, as shown above; and Picture-in-Picture, which lets you browse websites and watch a pop-up video simultaneously. That said, Split View only works on iPad Air 2, iPad mini 4 and the soon-to-be-released iPad Pro, but the other tidbits are compatible with any tablet running Apple's latest mobile OS.

    Via: 9to5Mac

    Source: App Store

    Chrome picks up iPad split-screen multitasking support in latest update

    Google Chrome 37.0.2062.60 for iOS (app icon, small)

    Google today pushed a small update to its Chrome mobile browser in the App Store. The new edition, officially bumped to version number 46.0.2490.73, brings support for iOS 9’s new Split View multitasking mode on the iPad Air 2, iPad mini 4 and iPad Pro.

    Moreover, Slide Over multitasking view and Picture-in-Picture video mode are supported in this Chrome edition as well. These are certainly welcomed additions for those of you who do a lot of research online as you can now browse the web with Chrome and run another app like Notes side-by-side.... Read the rest of this post here

    "Chrome picks up iPad split-screen multitasking support in latest update" is an article by
    Make sure to follow us on Twitter, Facebook, and Google+.

    Chrome is killing your computer’s battery life

    Chrome Vs. Firefox Battery Life

    Want better battery life on your laptop? You might want to consider using a browser besides Chrome. Digital Citizen has tested popular Internet browsers across multiple Windows 10 laptops and has found one major common denominator: Chrome is by far the biggest battery hog.

    Continue reading...

    Let your friends take over your browser with this crazy Chrome extension

    Shove Chrome Extension

    Sharing links on the Internet is already exceptionally simple, but a small group of developers has found a way to take even more steps out of the process. Officially released late last month, Shove is a browser extension for Chrome that allows users to instantly open tabs on one another's browsers without any prompts or warnings.

    Terrifying, right?

    Continue reading...

    This link can crash your Google Chrome browser

    Crash Chrome Browser Link

    Because Google Chrome doesn't have enough issues already, a security researcher has discovered that a specific string of text is capable of crashing the browser and deleting any unsaved work sitting in open tabs.

    Continue reading...

    Google finally starts fixing Chrome’s memory-hogging, battery-killing features

    Google Chrome 45 Update Features

    It may be one of the best Internet browsers you can get your hands on, but it can also be pretty annoying, especially when it comes to energy efficiency. Google, however, got the message, and it started fixing the Chrome browser, releasing a version that’s supposed to offer you a “faster and more efficient web.”

    Continue reading...