Google Discloses Details of $100K Chrome OS Flaws

Google has publicly disclosed the details of a code execution exploit chain for Chrome OS that earned a researcher $100K. Google announced in March 2015 its intention to offer up to $100K for an exploit chain that would lead to a persistent compromise of a Chromebox or Chromebook in guest mode via a web page. Prior to that, the company had offered $50K for such an exploit.

A researcher who uses the online nickname Gzob Qq notified Google on September 18 that he had identified a series of vulnerabilities that could lead to persistent code execution on Chrome OS, the operating system running on Chromebox and Chromebook devices. The exploit chain comprises an out-of-bounds memory access flaw in the V8 JavaScript engine (CVE-2017-15401), a privilege escalation in Page State (CVE-2017-15402), a command injection flaw in the network diag component (CVE-2017-15403), and symlink traversal issues in clang reporter (CVE-2017-15404) and cryptohomed (CVE-2017-15405).

Gzob Qq provided Google with a proof-of-concept exploit verified with Chrome 60 and Chrome OS platform version 9592.94.0. Google patched the vulnerabilities on October 27 with the release of Chrome OS 62 platform version 9901.54.0/1, which also addressed the recently disclosed KRACK vulnerabilities. On October 11, Google notified the researcher that he had earned the $100K Pwnium reward. Pwnium was a one-day hacking event that Google organized every year alongside the CanSecWest conference until February 2015, when it decided to turn Pwnium into a year-round program.

Last week, Google made public Gzob Qq's initial report, which describes the complete exploit chain, along with the advisory for each of the vulnerabilities it involves. This was not the first time the researcher has received a $100K reward from Google. Roughly a year ago, he reported a similar Chrome OS exploit chain for which he earned the same amount. Another researcher, George Hotz, earned $150K at the Pwnium competition back in 2014 for a persistent Chrome OS exploit.
