Google revealed details of vulnerabilities in Chrome, for which it paid $100,000

Back in 2015, Google decided to “raise the rates” and said that it would pay $100,000 to a specialist who could create and demonstrate an exploit chain that achieves a persistent compromise of a Chromebox or Chromebook through a web page in guest mode. Let me remind you that before that, the company offered $50,000 for such a proof-of-concept.


Last week, it became known that back in September 2017, an information security specialist known as Gzob Qq discovered a number of vulnerabilities that allow a persistent compromise of Chromebox or Chromebook devices while meeting the rest of the “task” conditions.

Gzob Qq's exploit chain included the following bugs: an out-of-bounds memory access vulnerability in the V8 JavaScript engine (CVE-2017-15401); a privilege escalation in PageState (CVE-2017-15402); the ability to inject commands into the network_diag component (CVE-2017-15403); and symlink traversal problems in crash_reporter (CVE-2017-15404) and cryptohomed (CVE-2017-15405).

The expert demonstrated a working proof-of-concept exploit to Google engineers, which was tested on Chrome 60 and Chrome OS version 9592.94.0. As a result, at the end of October, with the release of Chrome OS 62 version 9901.54.0 / 1, the problems found by the researcher were fixed, along with the recently discovered KRACK vulnerability.

As it turned out, the expert was informed back in October that he would receive a Pwnium reward of $100,000. But details of the attack and the individual vulnerabilities were revealed only last week, and a detailed report by Gzob Qq is now available here.

It is worth noting that this is not the first time Gzob Qq has received such a large reward for exploits and bugs. A year ago, he received an equally large award from Google after demonstrating a very similar PoC exploit chain for Chrome OS.
