Google has awarded a security researcher $112,500 for spotting a security threat in Google Pixel. Part of Alpha Team, researcher Gaung Gong had earlier found out an exploit chain in August 2017. The security exploit chain, which contained two bugs, CVE 2017 – 5116 and CVE 2017 – 14904 are capable of injecting arbitrary code into system server. It is after accessing the malicious URL in Chrome, which these bugs start their execution.
The amount of $112,500 is incidentally the highest one awarded by Google in the history of ASR programme.