A new vulnerability was discovered in Android earlier this month in the PacSec conference held in Tokyo, Japan. One of the security researchers, Mr. Guang Gong, found a security bug in the V8 javascript engine used by the Google Chrome web browser for Android. This vulnerability allows a remote attacker to use javascript code to install any app in the target Android smartphone without any user interaction whatsoever. At the conference, Mr. Gong demonstrated this by visiting a specially coded website which ended up in an app being installed on the Android phone secretly. Google is working to fix this vulnerability, but in the meanwhile you can protect yourself by simply disabling javascript in Chrome browser. Here is how:
- Open the Google Chrome web browser in your Android smart-phone. Touch the hamburger icon near the top-right corner of the screen to open the browser menu and select Settings from there.
- On the settings screen that shows up, select Site settings from the list.
- The next screen will display various options meant for controlling how Chrome renders various web sites opened in it and allows you to disable some of the components of sites. Select Javascript from the list of options displayed here.
- Use the flip switch to disable and turn off javascript for all the sites that you visit in Chrome. If you want to enable javascript for some trustworthy website then you can add it to a whitelist.
In addition to disabling the javascript in Chrome browser, you can further mitigate the risks involved with the newly discovered vulnerability in the Chrome for Android by switching to some other web browsers temporarily. There are so many other web browsers for Android that are as good as Chrome, for example, Opera and Firefox to name a few standard and secure ones.