Apple employee finds zero-day bug in Google Chrome

Share via:

Google recently fixed a zero-day bug in its Chrome browser, thanks to the unexpected help of an Apple employee. The circumstances surrounding the bug’s discovery and reporting are quite peculiar and have caught the attention of the tech community.

Google Unconventional Bug Discovery and Reporting

According to a Google employee, the zero-day bug was initially found by an Apple employee participating in a Capture The Flag (CTF) hacking competition in March. Surprisingly, the Apple employee did not report the bug, leaving Google unaware of its existence and lacking any patch to address the issue. Instead, another participant in the competition reported the bug to Google, despite not being the one who originally found it.

The Story from the Apple Employee’s Perspective

After the news broke, TechCrunch obtained insights from a Discord channel where someone claiming to be the Apple employee who found the zero-day bug explained their side of the story. The individual, known as Gallileo, clarified why they didn’t report the bug immediately. They spent two weeks working full-time on it to understand the root cause, create an exploit proof of concept, and compile the issue for a fix.

Gallileo emphasized that the bug was reported on June 5th through their company but faced delays due to the process of identifying the responsible person and obtaining necessary approvals. Furthermore, the responsible person was out of the office during that time. Gallileo questioned the urgency of fixing the bug, stating that only their team and Google were aware of it, and its impact in a real-world scenario might not be severe.

The Bug Fix and Bug Bounty

Google confirmed the bug fix on March 29 after the second participant reported it. Despite not being the original discoverer, the person who reported the bug received a $10,000 bug bounty from Google for their contribution.

CTF Teams’ Involvement in Bug Discoveries

Discovering zero-day bugs during Capture The Flag competitions is not uncommon, especially in high-profile challenges. Participants often find vulnerabilities in various systems, including those of competitors. However, what makes this particular incident intriguing is that an Apple employee discovered a bug in a Google product but chose not to report it, leading another participant to step in and report it instead.

Also Read The Latest News:
Dusminute Secures INR 11.5 Cr in Strategic Bridge Round Led by Inflection Point Ventures
Cybersecurity startup PingSafe raises $3.3 million in Seed Peak XV Partners

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Apple employee finds zero-day bug in Google Chrome

Google recently fixed a zero-day bug in its Chrome browser, thanks to the unexpected help of an Apple employee. The circumstances surrounding the bug’s discovery and reporting are quite peculiar and have caught the attention of the tech community.

Google Unconventional Bug Discovery and Reporting

According to a Google employee, the zero-day bug was initially found by an Apple employee participating in a Capture The Flag (CTF) hacking competition in March. Surprisingly, the Apple employee did not report the bug, leaving Google unaware of its existence and lacking any patch to address the issue. Instead, another participant in the competition reported the bug to Google, despite not being the one who originally found it.

The Story from the Apple Employee’s Perspective

After the news broke, TechCrunch obtained insights from a Discord channel where someone claiming to be the Apple employee who found the zero-day bug explained their side of the story. The individual, known as Gallileo, clarified why they didn’t report the bug immediately. They spent two weeks working full-time on it to understand the root cause, create an exploit proof of concept, and compile the issue for a fix.

Gallileo emphasized that the bug was reported on June 5th through their company but faced delays due to the process of identifying the responsible person and obtaining necessary approvals. Furthermore, the responsible person was out of the office during that time. Gallileo questioned the urgency of fixing the bug, stating that only their team and Google were aware of it, and its impact in a real-world scenario might not be severe.

The Bug Fix and Bug Bounty

Google confirmed the bug fix on March 29 after the second participant reported it. Despite not being the original discoverer, the person who reported the bug received a $10,000 bug bounty from Google for their contribution.

CTF Teams’ Involvement in Bug Discoveries

Discovering zero-day bugs during Capture The Flag competitions is not uncommon, especially in high-profile challenges. Participants often find vulnerabilities in various systems, including those of competitors. However, what makes this particular incident intriguing is that an Apple employee discovered a bug in a Google product but chose not to report it, leading another participant to step in and report it instead.

Also Read The Latest News:
Dusminute Secures INR 11.5 Cr in Strategic Bridge Round Led by Inflection Point Ventures
Cybersecurity startup PingSafe raises $3.3 million in Seed Peak XV Partners

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Ranjita Ghosh: Wipro elevates Ranjita Ghosh as new global...

Indian IT major Wipro on Monday announced the...

X raises Premium Plus subscription pricing by almost 40...

X has substantially raised the price of its...

Trump announces new tech policy picks for his second...

In a pair of Truth Social posts on...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!