Credit: Qidan He (@flanker_hqd), Gengming Liu (@dmxcsnsbh)
During the 2016 CanSecWest Mobile Pwn2Own competition, KeenLab combined three vulnerabilities into a full exploit chain against Android Nougat. A remote exploit against Chrome was followed by a sandbox escape in Chrome’s Intent parsing, allowing them to (jump from a sandboxed context to arbitrary application installation)