Android: Bug Hunter Awarded $112,500 for Exposing Security Flaw in ‘Google Pixel’: Google has awarded $112,500 (roughly Rs. 71,83,300) to a security researcher for finding and disclosing a security flaw in Google Pixel smartphones.
In August 2017, Guang Gong submitted an exploit chain via the Android Security Rewards (ASR) programme. It is said to be the first working remote exploit chain submitted since the search giant expanded the ASR programme.
Gong was awarded $105,000 (roughly Rs. 67,04,40), which Google described as the highest reward in the ASR programme’s history. Gong was also reportedly awarded $7,500 (roughly Rs. 4,78,900) under the Chrome Rewards program.
Last Wednesday, Google also revealed the full technical details of the exploit on its Android Developers blog. The search giant thanked Gong, who is from Alpha Team, Qihoo 360 Technology, and the entire research community for finding and responsibly reporting security vulnerabilities.
Meanwhile, Google stated that the complete set of issues was resolved as part of the December 2017 monthly security update, which patched a total of 42 bugs.
The exploit chain is said to cover two bugs: CVE-2017-5116 and CVE-2017-14904. The first is a V8 engine bug that can be used to get remote code execution in the sandboxed Chrome render process, while the second is a bug in Android’s libgralloc module that is used to escape from Chrome’s sandbox.
Google stated that this exploit chain can be used to inject arbitrary code into the system server by accessing a malicious URL in Chrome.
Through the Android Security Rewards programme, Google identifies and recognizes the contributions of security researchers who work on Android’s security features.
As of last October, the smartphones covered under the program include Google Pixel 2, Google Pixel and Pixel XL, and Google Pixel C.
In June 2017, Google increased the ASR payout for a remote exploit chain or exploits leading to TrustZone or Verified Boot compromise from $50,000 (roughly Rs. 31,92,600) to $200,000 (roughly Rs. 1,27,70,300).
Through this program, Google has awarded researchers over $1.5 million (roughly Rs. 9,57,77,200) to date, with the top research team earning $300,000 (roughly Rs. 1,91,55,450) for 118 vulnerability reports.