November 14, 2024

Google says an Apple employee found a serious Chrome zero-day, but did not report it

0

 

An Apple employee knew about a bug in the Chrome browser but did not report it to Google’s developers, reports have claimed.

A comment on the Chromium bug report site instead credits another individual for notifying Google, noting, “This issue was reported by sisu from CTF team HXP and discovered by a member of Apple Security Engineering and Architecture (SEAR) during HXP CTF 2022, which will be acknowledged in the security fix notes for the appropriate Stable channel release at the time they are updated.”

At the time, the bug was a zero-day, however a TechCrunch report says that Google’s $10,000 bug bounty was awarded to the individual who reported the bug, not the Apple employee who discovered the bug.

Chrome bug left unreported by Apple employee

Usually, tech companies work together to notify each other of bugs in the interest of cybersecurity, despite going head-to-head in other aspects of business.

Gallileo, an individual claiming to be the Apple employee in question on a Discord channel viewed by TechCrunch, said:

“It was reported on June 5th, through my company. Yes it was late, there are multiple reasons for that. I first had to find the person responsible, the report had to be signed off by people and then the person responsible was [out of office]. It’s commendable that chrome decided to fix it asap, but I think there wasn’t any real urgency.”

On the flip side, the individual responsible for breaking the news to Chromium developers said:

“TBH, I have not looked into the issue since I did not discover the bug. However, I’m not 100% sure it was reported to the chromium team, so I wanted to be safe… This report is to ensure it gets handled in case team COPY has not yet reported it.”

TechRadar Pro asked both companies – Google and Apple – for more information about the miscommunication. Neither immediately responded to our request.

Check out the best firewalls

Via TechCrunch