Quihoo 360 researcher Guang Gong developed this exploit over a period of three months, but did not fully explain the details of the exploit. A Google security engineer onsite acknowledged the vulnerability, and it looks like Google will pay a security bug bounty for the vulnerability. Better that than it being explouted by malicious groups, right?
With an exploit likethis, it is very likely that most modern versions of Android will have this vulnerability. Pretty scary if you think of the volume of people that can be directed and redirected to a malicious site. We can just hope that Google, Chrome, and indeed Java will plug this hole immediately.
VIA: The Register