Google awarded over Rs 72 lakh to researcher for reporting Google Pixel vulnerability

The bug bounty highlights how serious the security issue was on the Google Pixel.

  • Published: January 19, 2018 12:15 PM IST

Google has awarded $112,500 (Rs 7,169,300 approximately) to a security researcher for reporting an exploit that could be used to compromise its Pixel smartphones. This started back in August 2017, when Guang Gong from Alpha Team, Qihoo 360 Technology, submitted an exploit chain through the Android Security Rewards (ASR) program. The exploit chain covers two bugs: CVE-2017-5116 and CVE-2017-14904.

The first vulnerability is a V8 engine bug, which can be used for remote code execution in sandboxed Chrome render process environments. The second security flaw is found in Android’s libgralloc module, and can be used to escape from Chrome’s sandbox.

Google says this exploit chain can be used to inject arbitrary code into system_server by accessing a malicious URL in Chrome. The company said that clicking on such URLs through Google devices will potentially lead to the download of additional malware.

Through the Android Security Rewards program, the company recognizes the contributions of security researchers working on Android’s security features. As of October 2017, the devices covered under the program include Google Pixel 2, Google Pixel and Pixel XL, and Google Pixel C. The vulnerability chain was resolved as part of Google’s December security update, which patched a total of 42 bugs.

To date, Google has paid researchers more than $1.5 million (Rs 95,647,500 approximately) through the ASR program.
