This content is blocked. Accept cookies to view the content.

Home / Google / Google awards researcher over $110,000 for Android exploit chain

Google awards researcher over $110,000 for Android exploit chain

Rob Bulmahn

Google has awarded a total of $112,500 to a security researcher for reporting an exploit chain which could be used to compromise Pixel mobile devices.

The tech giant revealed the technical details of the exploit chain on Wednesday.

In August 2017, Guang Gong from Alpha Team, Qihoo 360 Technology submitted an exploit chain through the Android Security Rewards (ASR) program.

The exploit chain includes two bugs, CVE-2017-5116 and CVE-2017-14904.

The first vulnerability is a V8 engine type confusion bug which can be utilized for remote code execution in sandboxed Chrome render process environments.

The second security flaw is found in Android’s libgralloc module and can be used to escape from Chrome’s sandbox due to a map and unmap mismatch, which can, in turn, prompt a Use-After-Unmap error.

When combined, the vulnerabilities can be used by attackers to remotely inject arbitrary code into the system_server process when a malicious URL in Chrome is accessed.

If a user of a Pixel or other Android-based smartphone clicks on such a URL, their devices can be compromised, potentially leading to the download and execution of additional malware payloads, hijacking, and surveillance.

Google says the find is the first working remote exploit chain submitted through the program to date.

Gong was awarded $105,000 for his report, with an additional bonus of $7500 through the Chrome Rewards program.

The vulnerability chain was resolved as part of Google’s December security update, which patched a total of 42 bugs.

See also: Bug bounties: ‘Buy what you want’

In June 2017, Google increased the ASR payout rewards for remote exploit chain or exploits leading to TrustZone or Verified Boot compromise from $50,000 to $200,000.

The scheme has awarded researchers over $1.5 million to date, with the top research team earning $300,000 for 118 vulnerability reports.

Previous and related coverage

HackerOne aims to pay bug bounty hunters $100 million by 2020

The bug bounty platform predicts that 200,000 vulnerabilities will have been fixed by the same year.

Bug bounty hunter reveals DJI SSL, firmware keys have been public for years

Opinion: The researcher has discarded $30,000 to ensure there is full public disclosure of the drone maker’s poor security and revealing how not every bug bounty hunt ends well.

Samsung launches bug bounty program for mobile devices

Researchers can earn up to $200,000 for disclosing bugs impacting the security of your handsets.


Source link

Check Also

Apple shipped 600,000 HomePods in Q1: But it’s still dwarfed by Amazon, Google

Video: Will Apple’s HomePod make it in a crowded smart speaker market? Apple shipped around …

This content is blocked. Accept cookies to view the content.

This website uses cookies to give you the best experience. Agree by clicking the 'Accept' button.