Tech Gadget Central Latest Tech News and Reviews
According to the official bug report, Google fixed an Apple employee-discovered Chrome zero-day. The bug is unremarkable, but how it was found and reported to Google is.
A Google employee said an Apple employee participating in a March Capture The Flag (CTF) hacking competition discovered the bug. However, that Apple employee did not report the zero-day bug to Google, so no patch had been issued. The bug was reported by a competitor who didn’t find it and wasn’t on the team that did.
“Sisu from CTF team HXP reported this issue and a member of Apple Security Engineering and Architecture (SEAR) discovered it during HXP CTF 2022,” the Google employee wrote.
Why Apple didn’t report the bug in March is unknown.
Apple refused comment.
“Our understanding is public in the bug,” Google spokesperson Ed Fernandez wrote .
Fernandez advised contacting Apple for more information.
Could not reach the CTF team COPY, whose member found the bug, or sisu.
According to Filippo Cremonese, a researcher who competes in CTF competitions with the Italian team mhackeroni (possibly the best hacker team name), zero-days are common in challenges like this and “high-profile” competitions.
This bug was found in a Google product by an Apple employee, who didn’t report it.
The March 26 report stated that a team COPY member found the bug during a CTF organized by team XHP. The unnamed person said they reported it even though they didn’t find it because they weren’t “100% sure it was reported to the chromium team.”
“So I wanted to be safe,” they wrote.
Since you are disclosing this issue and there are no duplicates, it seems that the team that discovered it has chosen not to disclose it to us?” Google commented again on the bug report.
The bug report says it was fixed on March 29. The person who reported it, who did not find it, received a $10,000 bug bounty from Google.
