Google has paid a Chinese security researcher more than $110,000 for discovering two bugs that could be used to hijack its Pixel devices.
Guang Gong, a researcher with Qihoo 360 Technology, reported the bugs to Google through its Android Security Rewards programme last August, and the issues were fixed in the December 2017 security update (patch 2017-12-05).
The exploit chain includes two bugs: CVE-2017-5116 and CVE-2017-14904. The former is a V8 engine type confusion bug, which can be used for remote code execution in sandboxed Chrome render process environments. The latter, CVE-2017-14904, is a bug in Chrome's libgralloc module that can be used to escape from Chrome's sandbox. It is caused by a mismatch between map and unmap functions, causing a Use-After-Unmap issue.
Together, these bugs can be leveraged to inject code into the system_server process by opening a malicious URL in Chrome.
Pixel users clicking on such a link in Chrome could have had their devices compromised, which could include additional harmful software downloads or the theft of personal information.
Google increased the possible Android Security Rewards payout in July, from $50,000 to as much as $200,000; Gong was the first to take home one of the new, higher payouts. He was awarded $105,000 by Google - the highest bounty in the programme's history - and $7,500 by Chrome Rewards.
To date, Google has paid researchers more than $1.5 million through the ASR programme.