Google Pays Researcher Record $112,500 for Android Flaw

Published: 22/11/2024   Category: security




The bug bounty reward, given to a researcher who submitted a working remote exploit chain, is Google's highest for an Android bug.



Google has awarded its highest-ever bug bounty for an Android flaw, the company announced this week. The $112,500 reward was paid to a researcher who submitted the first working remote exploit chain since the Android Security Rewards (ASR) program expanded in June 2017.
Guang Gong, from the Alpha Team at Qihoo 360 Technology, submitted his report in August. The exploit chain he found includes two bugs: CVE-2017-5116 and CVE-2017-14904. The first is a V8 engine bug used to get remote code execution in the sandboxed Chrome render process. The second, a bug in Android's libgralloc module, is used to escape from Chrome's sandbox.
Together, the exploit chain can be used to inject arbitrary code into system_server by accessing a malicious URL in Chrome. Gong's findings earned him $105,000 from ASR, the highest reward in the history of the program. He was also given $7,500 from the Chrome Rewards program.
The full set of issues Gong discovered was addressed in the December 2017 monthly security update, and all devices with security patches of 2017-12-05 or later are protected. Pixel devices and partner devices using A/B updates will automatically install the fixes when restarted.