A Mysterious Hacker who goes by the "Pinkie Pie" handle is rewarded with $50,000 USD for hacking into the Google Chrome browser for Nexus 4 and Samsung Galaxy S4.
At Information Security Conference PacSec 2013 in Tokyo, during the HP's Pwn2Own contest, a zero-day exploit showcased by "Pinkie Pie", that took advantage of two vulnerabilities:
- An integer overflow that affects Chrome.
- Chrome vulnerability that resulted in a full sandbox escape.
For successful exploitation, you have to get your victim to visit a malicious website e.g. clicking a link in an email, or an SMS or on another web page. He demonstrated this zero-day attack with remote code execution vulnerability on the affected devices.
It is not known whether other Android phones are also vulnerable to same flaw or not. Vulnerability has been disclosed to Google by the Contest organizers and the company is working to address the issue as soon as possible.