QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share

Researchers have discovered 10 unique vulnerabilities, including four that could potentially be exploited, in Google’s Quick Share file-sharing solution, which allows users to send files between Android, Windows, and Chrome operating systems. Leveraging these bugs, the team was able to develop a remote code execution attack chain. With a forced WiFi connection and the ability to detect the name of an executable downloaded by a user, the researchers could overwrite files to replace the executable with a malicious file.