Google awards $112,500 to Android bug hunter for exposing vulnerability affecting Google Pixel smartphones

By Shubham Sharma | Published on 19 Jan 2018
HIGHLIGHTS

The vulnerability primarily affected Pixel devices and was fixed by Google with the December security patch.

Google awards $112,500 to Android bug hunter for exposing vulnerability affecting Google Pixel smartphones

OnePlus TV 32Y1 - Smarter TV

Android TV with superior craftsmanship and elegant design - Buy Now

Click here to know more

Advertisements

Google has awarded $112,500 (Rs 71,75,300 approx) to Guang Gong, a security researcher form Qihoo 360 Technology’s Alpha Team. Gong reported a severe remote exploit chain flaw affecting Pixel smartphones via Google’s Android Security Rewards (ASR) program in August last year. The researcher was awarded $105,000 (Rs 66,93,225 approx), which the company says is the highest reward in the history of the ASR program along with another $7500 (Rs 4,78,087 approx) by the Chrome Rewards program. 

The two bugs, CVE-2017-5116 and CVE-2017-14904 are remote exploit chain vulnerabilities. Google blog says, “CVE-2017-5116 is a V8 engine bug that is used to get remote code execution in sandboxed Chrome render process. CVE-2017-14904 is a bug in Android's libgralloc module that is used to escape from Chrome's sandbox. Together, this exploit chain can be used to inject arbitrary code into system_server by accessing a malicious URL in Chrome.”

Google has detailed the exploit on its blog post and thanked Guang Gong along with the entire researcher community for their contributions to Android security. The company also stated that the security flaw was resolved on all Pixel and effected partner devices as part of the December 2017 monthly security update. The company’s Android security team had increased top payouts for the ASR program in June last year.

Google had also fixed Android devices affected by the Wi-Fi KRACK vulnerability with its December security patch. The KRACK security vulnerability was recently discovered by a security researcher who revealed that it affected almost every Wi-Fi enabled device. Before the fix, an attacker could potentially exploit the flaw for stealing sensitive information like credit card numbers, passwords, emails, and more. You can learn more about it here.

logo
Shubham Sharma

Interested in tech, gaming, cyber-security, anime, and more

Advertisements

Trending Articles

Advertisements

latest articles

View All
Advertisements

Top Products

Popular Mobile Phones

View All
hot deals amazon

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.

DMCA.com Protection Status