Google awards $112,500 to Android bug hunter for exposing vulnerability affecting Google Pixel smartphones

By Shubham Sharma | Published on 19 Jan 2018
HIGHLIGHTS
  • The vulnerability primarily affected Pixel devices and was fixed by Google with the December security patch.

Google awards $112,500 to Android bug hunter for exposing vulnerability affecting Google Pixel smartphones

Google has awarded $112,500 (Rs 71,75,300 approx) to Guang Gong, a security researcher form Qihoo 360 Technology’s Alpha Team. Gong reported a severe remote exploit chain flaw affecting Pixel smartphones via Google’s Android Security Rewards (ASR) program in August last year. The researcher was awarded $105,000 (Rs 66,93,225 approx), which the company says is the highest reward in the history of the ASR program along with another $7500 (Rs 4,78,087 approx) by the Chrome Rewards program. 

The two bugs, CVE-2017-5116 and CVE-2017-14904 are remote exploit chain vulnerabilities. Google blog says, “CVE-2017-5116 is a V8 engine bug that is used to get remote code execution in sandboxed Chrome render process. CVE-2017-14904 is a bug in Android's libgralloc module that is used to escape from Chrome's sandbox. Together, this exploit chain can be used to inject arbitrary code into system_server by accessing a malicious URL in Chrome.”

Google has detailed the exploit on its blog post and thanked Guang Gong along with the entire researcher community for their contributions to Android security. The company also stated that the security flaw was resolved on all Pixel and effected partner devices as part of the December 2017 monthly security update. The company’s Android security team had increased top payouts for the ASR program in June last year.

Google had also fixed Android devices affected by the Wi-Fi KRACK vulnerability with its December security patch. The KRACK security vulnerability was recently discovered by a security researcher who revealed that it affected almost every Wi-Fi enabled device. Before the fix, an attacker could potentially exploit the flaw for stealing sensitive information like credit card numbers, passwords, emails, and more. You can learn more about it here.

Shubham Sharma
Shubham Sharma

Email Email Shubham Sharma

Follow Us Facebook Logo

About Me: Interested in tech, gaming, cyber-security, anime, and more Read More

Tags:
Google Google bug bounty program Pixel pixel vulnerability december security patch
Advertisements

Trending Articles

Advertisements

LATEST ARTICLES View All

Advertisements
hot deals amazon
OnePlus Nord CE 5G (Charcoal Ink, 6GB RAM, 128GB Storage)
OnePlus Nord CE 5G (Charcoal Ink, 6GB RAM, 128GB Storage)
₹ 22999 | $hotDeals->merchant_name
Samsung Galaxy M21 2021 Edition (Arctic Blue, 4GB RAM, 64GB Storage) | FHD+ sAMOLED | 6 Months Free Screen Replacement for Prime (SM-M215GLBDINS)
Samsung Galaxy M21 2021 Edition (Arctic Blue, 4GB RAM, 64GB Storage) | FHD+ sAMOLED | 6 Months Free Screen Replacement for Prime (SM-M215GLBDINS)
₹ 11999 | $hotDeals->merchant_name
OnePlus Nord 2 5G (Blue Haze, 8GB RAM, 128GB Storage)
OnePlus Nord 2 5G (Blue Haze, 8GB RAM, 128GB Storage)
₹ 29999 | $hotDeals->merchant_name
Redmi 9 Power (Mighty Black 4GB RAM 64GB Storage) - 6000mAh Battery |FHD+ Screen | 48MP Quad Camera | Alexa Hands-Free Capable
Redmi 9 Power (Mighty Black 4GB RAM 64GB Storage) - 6000mAh Battery |FHD+ Screen | 48MP Quad Camera | Alexa Hands-Free Capable
₹ 10999 | $hotDeals->merchant_name
Redmi 9A (Nature Green, 2GB RAM, 32GB Storage) | 2GHz Octa-core Helio G25 Processor | 5000 mAh Battery
Redmi 9A (Nature Green, 2GB RAM, 32GB Storage) | 2GHz Octa-core Helio G25 Processor | 5000 mAh Battery
₹ 6999 | $hotDeals->merchant_name
DMCA.com Protection Status