
Android zero-day used in the wild - ga-vu
https://bugs.chromium.org/p/project-zero/issues/detail?id=1942
======
wyldfire
> The bug is a local privilege escalation vulnerability that allows for a full
> compromise of a vulnerable device. If the exploit is delivered via the web,
> it only needs to be paired with a renderer exploit, as this vulnerability is
> accessible through the sandbox.

> It works on Pixel 1 and 2, but not Pixel 3 and 3a.

~~~
ga-vu
The actual issue:

> The exploit requires little or no per-device customization.

------
panpanna
Previous thread on this

[https://news.ycombinator.com/item?id=21155353](https://news.ycombinator.com/item?id=21155353)

