If you’re an Android user that makes heavy use of Google’s Chrome web browser (and what Android user doesn’t?), you’ll want to pay close attention to a new exploit that has the capability of taking your smartphone hostage.
What makes the exploit so dangerous — which is another reason why we’re glad that this exploit hasn’t fallen into nefarious hands — is how easily it can take advantage of an Android device. “It was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction," said PacSec organizer Dragos Ruiu.
Luckily, Google has been made well aware of the exploit and is no doubt working furiously to exterminate it. And since Gong was responsible enough not to release it into the wild with reckless abandon, he’ll likely be eligible to receive an award from Google’s bug bounty program. Since Gong used a Nexus 6 to demonstrate this new exploit, he could be eligible for up to an $8,000 reward from Google depending on its severity (in Google’s eyes).