A recently disclosed vulnerability in Chrome for Android could allow an attacker to gain full control over nearly any Android device.
PacSec organizer Dragos Ruiu said the impressive thing about the exploit is the fact that it was one shot. Most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction, he said.
As a security researcher, Gong had no intentions of publically disclosing the inner workings of the exploit. Instead, he handed the details off to a Google security engineer in attendance who will take the exploit back to Google for futher testing. Gong said he had been working on developing the exploit for three months and believes it affects every version of Android running the latest version of Chrome.
The researcher won a trip to the CanSecWest security conference in March for his efforts and will likely receive a cash reward from Google as part of its bug bounty program.