Google recently fixed a zero-day bug in its Chrome browser, thanks to the unexpected help of an Apple employee. The circumstances surrounding the bug’s discovery and reporting are quite peculiar and have caught the attention of the tech community.
Google Unconventional Bug Discovery and Reporting
According to a Google employee, the zero-day bug was initially found by an Apple employee participating in a Capture The Flag (CTF) hacking competition in March. Surprisingly, the Apple employee did not report the bug, leaving Google unaware of its existence and lacking any patch to address the issue. Instead, another participant in the competition reported the bug to Google, despite not being the one who originally found it.
The Story from the Apple Employee’s Perspective
After the news broke, TechCrunch obtained insights from a Discord channel where someone claiming to be the Apple employee who found the zero-day bug explained their side of the story. The individual, known as Gallileo, clarified why they didn’t report the bug immediately. They spent two weeks working full-time on it to understand the root cause, create an exploit proof of concept, and compile the issue for a fix.
Gallileo emphasized that the bug was reported on June 5th through their company but faced delays due to the process of identifying the responsible person and obtaining necessary approvals. Furthermore, the responsible person was out of the office during that time. Gallileo questioned the urgency of fixing the bug, stating that only their team and Google were aware of it, and its impact in a real-world scenario might not be severe.
The Bug Fix and Bug Bounty
Google confirmed the bug fix on March 29 after the second participant reported it. Despite not being the original discoverer, the person who reported the bug received a $10,000 bug bounty from Google for their contribution.
CTF Teams’ Involvement in Bug Discoveries
Discovering zero-day bugs during Capture The Flag competitions is not uncommon, especially in high-profile challenges. Participants often find vulnerabilities in various systems, including those of competitors. However, what makes this particular incident intriguing is that an Apple employee discovered a bug in a Google product but chose not to report it, leading another participant to step in and report it instead.
Also Read The Latest News:
Dusminute Secures INR 11.5 Cr in Strategic Bridge Round Led by Inflection Point Ventures
Cybersecurity startup PingSafe raises $3.3 million in Seed Peak XV Partners
