Guang Gong, at August 2017 filed an entry series throughout the Android Security Rewards (ASR) programme. It was the very first operating remote exploit series because the search giant has enlarged the ASR program. Gong was granted $105,000 (approximately Rs. 67,04,40), that Google claims is the maximum benefit from the ASR programme’s background. Furthermore, she had been given $7,500 (approximately Rs. 4,78,900) beneath the Chrome Rewards program too.
The technical aspects of this exploit were shown by Google on its own Android Developer’s site on Wednesday. The research giant thanked Gong, who’s out of Alpha Team, Qihoo 360 Technology, and the whole researcher for discovering and reporting security vulnerabilities. Meanwhile, Google reported the comprehensive set of problems has been resolved as a member of their December 2017 monthly security update, which curbed a total of 42 bugs.
While the primary one is really a V8 engine bug that’s used to acquire remote code execution from sandboxed Chrome render procedure the latter is really a bug in Android’s libgralloc module that’s used to escape Chrome’s sandbox. Google claims this exploit chain may be used to inject arbitrary code to system_server by accessing a malicious URL in Chrome.
Google, throughout the Android Security Rewards programme, recognises the donations of safety researchers working on Android’s safety attributes.
Back in June 2017, Google had raised that the ASR payout benefits for remote exploit series or pops resulting in TrustZone or even Verified Boot compromise from $50,000 (approximately Rs. 31,92,600
) to $200,000 (approximately Rs. 1,27,70,300). Through this application, Google has given researchers more than $1.5 million (approximately Rs. 9,57,77,200) so far, with the very best research staff earning $300,000 (approximately Rs. 1,91,55,450)for 118 vulnerability reports.