I-Google ibhengeze ukwandiswa kwenkqubo yayo yokufumana imali kwi-vulnerability bounty. Android, isikhangeli seChrome, kunye nezinto ezisisiseko. Umvuzo ophezulu wokudala i-exploit yeqonga AndroidI-zero-click exploit, evumela ukusetyenziswa kwekhowudi kwinqanaba le-chip yePixel Titan M2 ngaphandle kokunxibelelana nomsebenzisi, imiselwe kwi-$1.5 yezigidi ukuba umhlaseli uphumelela ekufumaneni indawo kwinkqubo, kunye ne-$750 kwiintlaselo ezingazinzisi ulawulo oluqhubekayo. Kusekwe izibonelelo ezongezelelweyo zokukhupha idatha eyimfihlo ekhuselweyo (ukuya kuthi ga kwi-$375) kunye nokudlula isikrini sokutshixa (ukuya kuthi ga kwi-$150).
Umvuzo ophezulu wokudala i-Chrome exploit evumela ukuba iphepha lewebhu livulwe, lidlule onke amanqanaba okwahlulahlula isikhangeli kunye nokusebenzisa ikhowudi kwinkqubo, yonyuswe ukuya kwi-$250. Ibhonasi eyongezelelweyo ye-$250 ($250128) iyafumaneka ukuba i-exploit ichaphazela imisebenzi yememori ekhuselwe yi-MiraclePtr mechanism. I-MiraclePtr ibonelela nge-pointer wrapper eyenza uhlolo olongezelelweyo kunye nokuphazamiseka ukuba ifumanisa ukufikelela kwiindawo zememori ezikhululekileyo.
Ukongeza, iChrome inikezela ngeebhonasi ezifikelela kwi-$10000 zokungabandakanyi indawo ethe tyaba okanye ulawulo lokufikelela kwiJavaScript (XSS), ezifikelela kwi-$5000 zokungasebenzisi imiqathango yokugcina, ukusebenzisa inkqubo yokunikezela, ukukhupha ulwazi lomsebenzisi, kunye nokufihla ii-URL kwibha yedilesi, kunye naphakathi kwe-$500 kunye ne-$7500 kwezinye iintlobo zeempazamo. Kwiingxaki ezithile ze-Chrome OS, iibhonasi ezifikelela kwi-$30000 ziyamiselwa, kunye ne-$10 yokwenza i-patch.
umthombo: opennet.ru
