Researcher awarded by Google for discovering flaw in Pixel phones

Search giant Google, as a part of its bounty-finding program, has rewarded a security researcher with over $112,500 for discovering a security bug in their Pixel line-up of smartphones. The security researcher named Guang Gong first submitted the exploit through Google’s Android Security Rewards (ASR) program back in August 2017. This was the first major security bug that anyone submitted ever since ASR incepted. Google claimed that Gong’s $105,000 award is the highest that anyone has received through their ASR program.

According to a report published by Gadgets 360, technical details regarding the security bug affected Pixel smartphones can be found on Google’s Android Developer blog. The search giant did not hesitate while thanking Gong from the Alpha Team (Qihoo 360 Technology), for discovering the flaw and reporting it to Google.

Apart from this, the search giant further confirmed that the complete set of issues were resolved as a part of December 2017’s monthly security update. They released a patch of at least 42 bugs through the update. “The exploit chain covers two bugs – The exploit chain covers two bugs – CVE-2017-5116 and CVE-2017-14904. While the first one is a V8 engine bug that is used to get remote code execution in sandboxed Chrome render process the latter is a bug in Android’s libgralloc module that is used to escape from Chrome’s sandbox,” reports Gadgets 360.

Google’s Android Security Rewards program essentially identifies all the contributions made by major security researchers on Android’s security features. The smartphones covered under this program are Google Pixel 2, Pixel, Pixel XL and Pixel C. The company also went on to roll out the ASR Payout reward to a higher amount so that researchers remain more motivated for reporting any kind of vulnerability in the device. Through this program, Google has