Gong hijacked a Google Project Fi Nexus 6 running the Android 6.0 Marshmallow and with all applications up-to-date gaining complete control of the smartphone.
“Off line we also tested his exploit on some other phones and it looks like it works on many targets – so I guess the three months he put into developing it delivered results. Since we don’t have any lavish prizes for him, I’m bringing him to Canada next year for some skiing/snowboarding at CanSecWest.” said Ruiu.
— dragosr (@dragosr) 11 Novembre 2015
Gong hasn’t disclosed the technical details of the Chrome exploit but already reported it to Google that probably will reward it.
Waiting for a fix, Android users can use alternative browsers.
(Security Affairs – Android, Chrome exploit)