Google fixes Chrome zero-day that Apple found but reported weeks late

New Delhi: According to comments in the official bug report, Google has fixed a Chrome zero-day discovered by an Apple employee. The bug itself isn't newsworthy, but the circumstances under which it was discovered and reported to Google are bizarre, to say the least.

According to a Google employee, the flaw was originally discovered by an Apple employee who participated in a Capture The Flag (CTF) hacking contest held in March. However, the Apple employee did not report the bug, which was a zero-day at the time. This meant that Google was not aware of the bug and had not yet released a patch.

The bug was instead reported by another person who was also in the contest, but who did not discover the bug himself and was not part of the team that discovered it. "This issue was reported by sisu of CTF team HXP and discovered by members of Apple Security Engineering and Architecture (SEAR) during HXP CTF 2022," wrote a Google employee.

TechCrunch took a look at the Discord channel after this article was first published. There, someone claiming to be the Apple employee who discovered the zero-day in the first place, responding to Sisu, who reported the bug to Google, told his own side of the story, specifically why he didn't report the bug sooner.

"I worked full-time for two weeks to find the cause, write an exploit (proof of concept), and write the problem in a way that could be fixed," the person, who identified himself as Galileo, wrote on July 6.

"It was reported through the company on June 5. Yes, it was late. There are several reasons for that. First, we had to find the person responsible, the report needed people's signatures, and then the person responsible was OOO. Chrome's decision to fix this issue ASAP is commendable, but I don't think there was any real urgency. Only you and my team knew about this, and in a real-world scenario it probably wouldn't be too much of an issue (it doesn't work on Android, but it's very noticeable because the Chrome GUI freezes for a few seconds)," writes Galileo.

Galileo and Sisu did not respond to requests for comment. Apple did not respond to a request for comment. "Our understanding of the bug is public," Google spokesman Ed Fernandez told TechCrunch in an email. Fernandez recommended contacting Apple for more information.

According to researcher Filippo Cremonese, who has been participating in CTF competitions with the Italian team Mhackeroni, it's not uncommon for CTF teams and CTF players to come across zero-days, especially in these types of challenges and "high-profile" competitions. What's interesting about this bug story is that it appears to have been discovered in a Google product by an Apple employee, who for some reason decided not to report the bug.

In the first report, dated March 26th, the reporter said someone on Team COPY discovered the bug during a CTF hosted by Team HXP. The person, who was not named in the report, said he was "not 100% sure if it was reported to the Chromium team" and decided to report it even though he had not found it himself.

"So I wanted to make sure," he wrote. "You are the one who published this issue and there is no duplicate. It looks like the team that discovered this issue decided not to share it with us?" the Google employee wrote in another comment on the bug report.

According to the bug report, this bug was fixed on March 29th. Google decided to pay the person who reported the bug a bounty of $10,000, but that person was not the person who discovered the bug. 

On June 5, Google received a report of a bug that had been found earlier but that Google had not been made aware of, because it was found by the Apple employee in a competition. The bug had been reported on March 26 by another person, who belonged to another team at the competition. Google fixed the bug immediately after getting that report, but until then it was a zero-day.
