Google has paid a Chinese security researcher more than $110,000 for discovering two bugs that could be used to hijack its Pixel devices.
Guang Gong, a researcher with Qihoo 360 Technology, reported the bugs to Google through its Android Security Rewards programme last August, and the issues were fixed in the December 2017 security update (patch 2017-12-05).
The exploit chain includes two bugs: CVE-2017-5116 and CVE-2017-14904. The former is a V8 engine type confusion bug, which can be used for remote code execution in sandboxed Chrome render process environments. The latter, CVE-2017-14904, is a bug in Chrome's libgralloc module that can be used to escape from Chrome's sandbox. It is caused by a mismatch between map and unmap functions, causing a Use-After-Unmap issue.
Together, these bugs can be leveraged to inject code into the system_server process by opening a malicious URL in Chrome.
Pixel users clicking on such a link in Chrome could have had their devices compromised, which could include additional harmful software downloads or the theft of personal information.
Google increased the possible Android Security Rewards payout in July, from $50,000 to as much as $200,000; Gong was the first to take home one of the new, higher payouts. He was awarded $105,000 by Google - the highest bounty in the programme's history - and $7,500 by Chrome Rewards.
To date, Google has paid researchers more than $1.5 million through the ASR programme.