Google has paid a Chinese security researcher more than $110,000 for discovering two bugs that could be used to hijack its Pixel devices.
Guang Gong, a researcher with Qihoo 360 Technology, reported the bugs to Google through its Android Security Rewards programme last August, and the issues were fixed in the December 2017 security update (patch 2017-12-05).
The exploit chain includes two bugs: CVE-2017-5116 and CVE-2017-14904. The former is a type confusion bug in the V8 engine, which can be used for remote code execution inside the sandboxed Chrome render process. The latter, CVE-2017-14904, is a bug in Chrome's libgralloc module that can be used to escape from Chrome's sandbox. It stems from a mismatch between the map and unmap functions, which results in a Use-After-Unmap issue.
Together, these bugs can be leveraged to inject code into the system_server process by opening a malicious URL in Chrome.
Pixel users clicking on such a link in Chrome could have had their devices compromised, which could include additional harmful software downloads or the theft of personal information.
Google increased the possible Android Security Rewards payout in July, from $50,000 to as much as $200,000; Gong was the first to take home one of the new, higher payouts. He was awarded $105,000 by Google - the highest bounty in the programme's history - and $7,500 by Chrome Rewards.
To date, Google has paid researchers more than $1.5 million through the ASR programme.