A researcher at Qihoo 360 recently discovered an exploit in Chrome that can probably demolish even the newest, most up-to-date Android devices if the user visits an infected site.
The researcher who discovered the exploit is Guang Gong, and PacSec will be rewarding Guang for uncovering and releasing the exploit by flying him to the CanSecWest security conference for a ski trip in March of 2016. In addition to this, Google will also likely pay a bounty for the bug’s discovery, as a Google security representative at the event took Guang’s work back for consideration.
The vulnerability took the researcher three months of development to fully flesh out, but when he demonstrated it, the method proved scarily smooth and efficient. After a Nexus 6 visited an unremarkable web address laced with the malicious script, Guang was able to take over the device entirely, and he used this access to download a BMX bike game onto it.
Pretty spooky stuff, all in all.