A zero-day flaw was spotted in Google Chrome, and it was an Apple employee who discovered it. For companies that deal with obnoxious bugs, there's always a reward waiting for those who report them.
Unfortunately, it was already too late for the Cupertino-based worker to report the vulnerability. As a result, the employee was stripped of the precious $10,000 bug bounty.
Google Did Not Pay the Bug Bounty to the Apple Employee
Tech companies, no matter how big or small, face a lot of problems in the industry. One of the most common scenarios they encounter is a security flaw in the system.
Usually, when there's a vulnerability, it's always ethical to tell the affected company about it, whether it's a rival firm or not. However, the case of an Apple employee who reported it late took a toll on Google.
As AppleInsider reports, the Apple worker did not immediately report the zero-day to Google even though he discovered it.
The search engine giant only said that the bug came out of the blue in March, at the same time as the "Capture The Flag" (CTF) hacking competition.
While the Apple employee was a key element in the discovery of the flaw, Google did not thank the person since it already patched the flaw.
At the time, no one was aware that there was a zero-day exploit. The news only reached Google when the CTF team HXP's sisu reported it, TechCrunch reports.
Why the Apple Employee Did Not Report the Bug Immediately
The Apple employee admitted the reason why he did not immediately relay the bug report to Google. TechCrunch verified the identity of the employee after diving into a Discord channel. The publication said that the worker goes by the name Gallileo.
"It took me 2 weeks working on it full time to root cause, write [the] exploit [Proof of Concept], and write up the issue such that it can be fixed," Gallileo explained.
The Apple employee added that the flaw was reported on June 5, but it took him some time to report it because he had to know the person who deployed it.
Furthermore, he said that the person responsible for the Google zero-day bug was out of the office (OOO). He lauded Google's effort to fix it right away, but he believed that it wasn't as urgent as other security flaws.
Originally, Google promised to reward the person who provided the information about the bug.
The bug bounty, which is worth $10,000, was supposedly for the Apple employee, but because it was not reported early, the reward was given to an anonymous person who reported it at the CTF contest.
The person protested that it was not him who discovered the bug and Google was aware of that. The company clarified that despite the protest, it won't reissue the reward to anyone else.
Last month, Google unveiled its latest security framework that will safeguard its artificial intelligence (AI) systems.