Hackers have found a new way to hack your Android smartphone and remotely gain total control of it, even if your device is running the most up-to-date version of the Android operating system.
Security researcher Guang Gong recently discovered a critical zero-day exploit in the latest version of Chrome for Android that allows an attacker to gain full administrative access to the victim's phone and works on every version of Android OS.
The exploit leverages a vulnerability in JavaScript v8 engine, which comes pre-installed on almost all (Millions) modern and updated Android phones.
All the attacker needs to do is tricking a victim to visit a website that contains malicious exploit code from Chrome browser.
Once the victim accessed the site, the vulnerability in Chrome is exploited to install any malware application without user interaction, allowing hackers to gain remotely full control of the victim's phone.
Also Read: This Malware Can Delete and Replace Your Entire Chrome Browser with a lookalike
Also Read: This Malware Can Delete and Replace Your Entire Chrome Browser with a lookalike
This Chrome for Android zero-day exploit was practically demonstrated by Gong in a hacking contest MobilePwn2Own during the 2015 PacSec conference in Tokyo.
Complete technical details on the exploit are not available yet, but the researcher has already alerted Google to the bug, and the company is expected to pay out a sizeable bug bounty for the exploit.
Also Read: Stagefright Bug 2.0 — One Billion Android SmartPhones Vulnerable to Hacking
Also Read: Stagefright Bug 2.0 — One Billion Android SmartPhones Vulnerable to Hacking
Just to be on the safer side, Android users are advised to use alternative browsers until Google patches the vulnerability.