Security researcher awarded huge sum after finding a flaw in Google Pixel smartphones
Google has confirmed that the complete set of security issues was resolved as part of the December 2017 security update, which fixed a total of 42 bugs.
When the Google Pixel was launched, it came with a serious security flaw that could be used to compromise the devices. The vulnerability was later discovered by Guang Gong, a security researcher from Alpha Team, Qihoo 360 Technology, in August 2017. He submitted an exploit chain through the Android Security Rewards (ASR) program.
Google then confirmed that the complete set of issues was resolved as part of the December 2017 security update, which fixed a total of 42 bugs. While Pixel users can feel safe now, the search giant has awarded a total of $112,500 (roughly Rs. 71,74,687) to the security researcher for reporting an exploit chain in Pixel devices.
Google claims that it is the highest reward in the ASR program's history. Additionally, Guang also received an extra bonus of $7,500 (roughly Rs. 4,78,312) through the Chrome Rewards program.
Google has thanked Guang and the entire research community for finding and reporting security vulnerabilities, and the company has published all the technical details of the exploit on its Android Developers Blog.
Just to highlight some of the key points, the exploit chain includes two bugs, CVE-2017-5116 and CVE-2017-14904.
According to Google's report, the first vulnerability, CVE-2017-5116, is a V8 engine type confusion bug that can be used for remote code execution in the sandboxed Chrome render process. The second flaw, CVE-2017-14904, was found in Android's libgralloc module and could be used to escape from Chrome's sandbox: a map and unmap mismatch in the module could, in turn, cause a Use-After-Unmap error.
"Together, this exploit chain could be used to inject arbitrary code into system_server by accessing a malicious URL in Chrome," the company has stated.
In practice, if a Pixel owner or another Android smartphone user clicked on such a URL, their device could be compromised, leading to malicious downloads and ultimately to malware payloads, hijacking, and surveillance. The good news is that these issues have been fixed.
Meanwhile, Google has said that the find is the first working remote exploit chain submitted through the program to date.
If you are unaware, Google has an Android Security Rewards program and it offers rewards to security researchers working on Android's security features. Smartphones covered under the program currently include Google Pixel 2, Google Pixel and Pixel XL, and Google Pixel C.
In June 2017, Google also increased the ASR payout for a remote exploit chain, or for exploits leading to TrustZone or Verified Boot compromise, from $50,000 (roughly Rs. 31,92,600) to $200,000 (roughly Rs. 1,27,70,300). Google has awarded researchers over $1.5 million (roughly Rs. 9,57,77,200) to date, with the top research team earning $300,000 (roughly Rs. 1,91,55,450) for 118 vulnerability reports.