Major Android Chrome exploit could make millions of phones vulnerable

A bug has been found in the Android version of Chrome that could potentially enable hackers to install and run whatever apps they like on your phone.

The Register first reported that the bug was found in Chrome's V8 JavaScript engine, meaning that the dodgy code could conceivably be loaded onto your phone if you visit a malicious website.

Worse still, as this bug was found in one of the newest Android handsets – Google's own Nexus 6 (Project Fi version) – it suggests the problem could affect lots of phones. Which is bad.

The good news, however, is that the bug wasn't discovered by evil hackers but by one of the good guys. Chinese hacker Guang Gong showcased the exploit at the MobilePwn2Own part of the PacSec conference in Tokyo – a meeting of security experts who show off what they've discovered for the kudos.

In fact, Gong could even be in line for a cash reward from Google for finding the problem, as part of its Android Security Rewards Program, so there's no need for him to become a super villain.

Google: we're aware

What's particularly notable is that the exploit works on its own in a single go, and doesn't require multiple vulnerabilities to work together.

When showing it off, the hacker demonstrated the size of the hole by installing an app (in this case, a BMX game) successfully without seeking the user's permission. This means that as a result of the vulnerability, unauthorised code could be run on your phone.

Gong has also apparently shared details of his exploit with Google, so that the company can build a patch to stop it working.

Google told techradar it's pleased about the find, adding: "Congratulations to Guang Gong, and thank you for ultimately making the Android and Chrome ecosystem safer and stronger."

It'll be interesting to see how long it takes for the patch to cascade down to each individual Android handset. One persistent criticism of the Android platform from security experts is that, because software updates are controlled by phone manufacturers and networks, it's harder to patch quickly; iOS, by contrast, can be patched easily by Apple at any point.
