Google has been warned for years by users and cybersecurity organisations about the risk of vulnerabilities in Chrome. However, in the latest incident, Google claims that an Apple employee discovered a vulnerability in Chrome but failed to report it.
Apple employee didn’t report Chrome zero-day
An anonymous Apple employee discovered a zero-day bug in Google Chrome during a hacking competition in March. Interestingly, however, the vulnerability was not reported to Google by the Apple employee, but by another participant in the same contest.
After receiving the bug report, the software giant acknowledged the unusual situation in Chrome. It said it was “puzzled” why the Apple employee had not reported the bug. It should be noted that the vulnerability was closed at the end of March.
This situation, which has galvanised the cybersecurity community, is also inconsistent with Apple’s security policies. It is unclear why Apple’s security engineering and architecture staff did not report the zero-day.
On the other hand, Apple has not issued a statement on the matter. The company’s silence added to the mystery surrounding the incident. Google, on the other hand, said after the incident: “We have closed the vulnerability in Chrome. We encourage you to contact Apple for further details”.
Google also offered a $10,000 reward to the person who reported the bug. It was noted that this decision played an important role in reducing security risks in Chrome. It should be noted that Google Chrome is the clear leader in the internet browser market with a 62 per cent market share.
{{user}} {{datetime}}
{{text}}