Android Bug Hunter Awarded Over $100,000 for Exposing Security Flaw in Google Pixel

Advertisement
By Sumit Chakraborty | Updated: 18 January 2018 18:37 IST
Highlights
  • Researcher rewarded under Android Security, Chrome Rewards programmes
  • Researcher submitted the exploit chain in August 2017
  • Issues resolved as part of the December 2017 monthly security update

Google has awarded $112,500 (roughly Rs. 71,83,300) to a security researcher for exposing a security flaw in Google Pixel smartphones. Guang Gong, in August 2017 submitted an exploit chain through the Android Security Rewards (ASR) programme. It was the first working remote exploit chain since the search giant has expanded the ASR program. Gong was awarded $105,000 (roughly Rs.  67,04,40), which Google claims is the highest reward in the ASR programme's history. Additionally, she was awarded $7,500 (roughly Rs. 4,78,900) under the Chrome Rewards program as well.

The technical details of the exploit were revealed by Google on its Android Developer's blog on Wednesday. The search giant thanked Gong, who is from Alpha Team, Qihoo 360 Technology, and the entire researcher community for finding and responsibly reporting security vulnerabilities. Meanwhile, Google said the complete set of issues was resolved as part of the December 2017 monthly security update, which patched a total of 42 bugs.

Advertisement

The exploit chain covers two bugs - CVE-2017-5116 and CVE-2017-14904. While the first one is a V8 engine bug that is used to get remote code execution in sandboxed Chrome render process the latter is is a bug in Android's libgralloc module that is used to escape from Chrome's sandbox. Google says this exploit chain can be used to inject arbitrary code into system_server by accessing a malicious URL in Chrome.

Google, through the Android Security Rewards programme, recognises the contributions of security researchers working on Android's security features. As of October 2017, the smartphones covered under the program include Google Pixel 2, Google Pixel and Pixel XL, and Google Pixel C.

Advertisement

In June 2017, Google had increased the ASR payout rewards for remote exploit chain or exploits leading to TrustZone or Verified Boot compromise from $50,000 (roughly Rs. 31,92,600
) to $200,000 (roughly Rs. 1,27,70,300). Through this program, Google has awarded researchers over $1.5 million (roughly Rs. 9,57,77,200) to date, with the top research team earning $300,000 (roughly Rs. 1,91,55,450)for 118 vulnerability reports.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. OTT Releases This Week: Peddi, Ikka, Balti, Dose, The Westies, and More
  2. Apple Reviews iPhone 17 Demand as Costs Rise Due to Memory Shortage: Report
  1. Tecno Camon 50 Ultra 5G India Launch Date Announced; Colourways and Amazon Availability Confirmed
  2. Apple Reportedly Reviews iPhone 17 Demand as Costs Rise Amid Ongoing Memory Shortage
  3. Interpol Traces $122 Million Crypto Wallet Connected to Romance Scam Network
  4. Hong Kong's Securities and Futures Commission Tightens Anti-Phishing Standards for Crypto Platforms
  5. Itel Zeno 100 Pro India Launch Date Announced as Company Teases Zeno 100 Lite Arrival, Key Features
  6. Sony RX10 V Compact Camera Launched With 20.1-Megapixel Sensor, 4K 120fps Video Recording and 25x Optical Zoom
  7. Motorola Edge 70 Max India Launch Date Announced; Design, Key Features Revealed
  8. Asus Vivobook 14, Vivobook 15 Refreshed With Intel Core Series 3 Processors: Price, Availability
  9. Call of Duty: Black Ops and Black Ops 2 Ports Released on PS4 and PS5
  10. Samsung Galaxy Z Fold 8, Z Fold 8 Ultra Prices Surface Ahead of Unpacked Launch Event
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.