We all know how popular bug bounty programs are among tech companies. Google usually pays up to $200,000 for finding a bug in the Android operating system. Recently, the search giant awarded $112,500 to a security researcher for exposing a critical flaw in Google Pixel smartphones.

Guang Gong, a security researcher from Qihoo 360 Technology's Alpha Team, reported a critical remote exploit chain affecting Pixel smartphones through Google's Android Security Rewards program in August 2017. The exploit chain covers two separate bugs, CVE-2017-5116 and CVE-2017-14904. Used together, they allow code to be injected remotely into the system_server process of Pixel smartphones or any other Android device whenever the victim clicks a malicious URL in Chrome. Once the victim clicks the malicious URL in the Chrome browser, hackers can gain full control of the device to push additional malware, spy on the victim or even hijack the smartphone entirely.

Guang Gong was awarded $105,000 for his findings and received a bonus of $7,500, bringing the total to $112,500. According to Google, this was the highest reward in the history of the Android Security Rewards program. Google had already patched the bug in December's security update before the announcement.

So, what do you think about this? Share your views in the comment box below.