A new Chrome exploit that hackers have discovered puts every Android phone at risk of being under attacker's control.
PacSec organizer Dragos Ruiu explained to Vulture South, "The impressive thing about Guang's exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction."
PC Mag noted that since Google has been notified about the bug during the conference, fixes are likely coming soon and those who wished to take advantage of this exploit would not be able to do so. And because Guang Gong did not fully disclosed the details to the public, he may be qualified to receive a reward under Google's bug bounty scheme.
Last month, two new Stagefright vulnerabilities were found, putting billions of users with devices running on Android OS versions as far back as 2008 at risk. Stagefright 2.0 can affect devices running Android versions older than Lollipop (5.0 to 5.1.1) through remote code execution, Zimperium said in a report. It can be exploited through Web browsers. Zimperium reportedly informed Google about these flaws on Aug. 15 and on Oct. 5, Google issued new patches as part of its Android Security Bulletin Monthly Release.