May 22, 2018, 03:55 AM

News:

Choose a design and let our professionals help you build a successful website   - ITAcumens


Why Google awards Rs 71 lakh to this developer ? - Jan 2018 News

Started by Sudhakar, Jan 21, 2018, 06:40 AM

previous topic - next topic
Go Down

Sudhakar

Why Google awards Rs 71 lakh to this developer ? - Jan 2018 latest update

The search engine giant, Google has rewarded $112,500 (Rs 71.83 lakh) to a developer for reporting a serious Android bug. This is the highest reward offered by the Google in its history.

An exploit chain reported by the security researcher could compromise the security of Google's Pixel devices. Guang Gong of Alpha Team from Qihoo 360 Technology Co Ltd submitted the first working prototype of the exploit in August 2017. Google offered an immediate reward of $105,000 (Rs 67.04 lakh) for the detailed report and an additional $7500 (Rs 4.78 lakh) by Chrome Rewards program, making it to the total of $112,500 (Rs 71.83 lakh).

Guang Gong discovered a remote exploit chain in Pixel phone along with his Alpha Team from Qihoo 360 Technology Co Ltd. Since the Pixel Phone is protected by layers of security, Gong was surprised with this discovery. Pixel is probably the only device that was pwned in 2017 Mobile Pwn2Own competition.

Google acknowledged the exploit chain and codenamed them as, CVE02917-5116 and CVE-2017-14904. The first identified vulnerability is a V8 engine type confusion bug. It can further lead to remote code execution in sandboxed Chrome render process environments.

The second flaw is identified in Android's libgralloc module. The flaw can be used to escape from Chrome's sandbox. The map and unmap mismatch lead to the execution of this bug. If both the vulnerabilities are combined, an attacker can remotely inject a malicious code into a targeted Pixel phone. The injected code in the system_server process executes when a malicious URL is launched in the Chrome browser.

If the targeted users open the URL, their devices can be compromised. A remote attacker can hijack the data and even use the device's hardware for surveillance. This is a major vulnerability and probably first working remote exploit chain submitted through Android Security Rewards (ASR) program till the date.

The company has patched the bugs in December's security update. The monthly update patches a total of 42 bugs. All Pixel users and partner devices will automatically install these updates. The user has to restart to complete the installation of these bug patches.

Google has increased the bug bounty payouts for its Android Security Rewards (ASR) program. The company has worked closely with the researchers to streamline the process recently. The developers and security researchers from around the world can submit their findings of Android exploits, vulnerabilities under Android Security Rewards (ASR) program.

- Rajat Kabade

Source : https://www.techgig.com/tech-news/Why-Google-awards-Rs-71-lakh-to-this-developer-152853

Go Up
 

Quick Reply

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Warning: this topic has not been posted in for at least 120 days.
Unless you're sure you want to reply, please consider starting a new topic.

Note: this post will not display until it's been approved by a moderator.
Name:
Email:
Verification:
Please leave this box empty:

Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:

shortcuts: alt+s submit/post or alt+p preview
IT Acumens | GinGly :: SMS Backup | Acumen :: Discussion Board | AshokPillar :: Hosting | CineBuzz :: Latest Cinema News | My Kids Diary :: Capture your kids magical moment
Copyright 2005 - 2017 :: IT Acumens :: All Rights Reserved.
ITAcumens Forum with 2 lakhs post running for 10 years - Powered by HostGator Dedicated Server