Android Bug Hunter Gets $112,500 Bounty From Google For Pixel Remote Exploit Chain
Gong is the first to report an Android exploit chain after Google introduced bigger cash rewards for finding bugs. He reported the bugs to the Android security team back in August 2017, and the fix was released as a part of the December security update. So, the affected devices with security patch level of 2017-12-05 are safe from the exploit.
While CVE-2017-5116 is a bug in the V8 engine that allows an attacker to execute arbitrary code in Google Chrome’s sandbox, CVE-2017-14904 can be used to get past the sandbox.
The two vulnerabilities when combined can allow an attacker to remotely inject arbitrary code into a Pixel device’s system_server process by making the user visit a crafted link. According to Guang, an example of the vulnerable environment to reproduce the exploit could be Pixel running Chrome 60.3112.107 and Android 7.1.2 (security patch level 2017-08-05).
Pixel phones are considered to the safest in the market. But this is not the first time Gong has exposed Google’s Pixel in the wild. At Pwn2Own 2016, his Qihoo 360 Alpha team won a cash prize of $120,000 for taking down a Pixel in just 60 seconds. However, there wasn’t a hacker team which managed to embarrass Pixel at Pwn2Own 2017 contest.
You can find more details about the Pixel remote exploit chain using this link.
Also Read: Firefox 58.0 “Quantum” Arrives With Faster Page Load Speeds And Code Compilation