Google Fixed A Zero-Day Vulnerability In Its Chrome Browser, Which Was Discovered By An Apple Employee, But Did Not Inform The Company (April 2024)
Apr 28, 2025 2:13 AM

Google has fixed a zero-day bug in its Chrome browser, but the bug was originally found by an Apple employee, who did not report it to Google. That Apple employee was taking part in a Capture The Flag (CTF) hacking competition back in March when he discovered the vulnerability. The employee's silence on a finding of this value is puzzling, and there could be many reasons for it.

The zero-day bug existing in Chrome was later reported by someone else participating in the competition, giving Google the opportunity to patch it

A Google employee states that the participant from Apple was aware of the bug but did not pass the information on to Google. The vulnerability was only fixed after someone else from the competition reported it. According to TechCrunch, evidence that the zero-day bug was discovered by an Apple employee appears in the official bug report, quoted below:

“This issue was reported by sisu from CTF team HXP and discovered by a member of Apple Security Engineering and Architecture (SEAR) during HXP CTF 2022, which will be acknowledged in the security fix notes for the appropriate Stable channel release at the time they are updated.”

Later, TechCrunch saw a Discord channel in which an individual going by the name Gallileo claimed to be the Apple employee who had withheld the information from Google. He explained his reasons for not informing the advertising giant and also admitted that the report reached the relevant party late.

“It took me 2 weeks working on it full time to root cause, write [the] exploit [Proof of Concept] and write up the issue such that it can be fixed. It was reported on June 5th, through my company. Yes it was late, there are multiple reasons for that. I first had to find the person responsible, the report had to be signed off by people and then the person responsible was OOO.

It’s commendable that Chrome decided to fix it ASAP, but I think there wasn’t any real urgency. Only you and my team were aware of it and the issue is likely not that great in a real world scenario (doesn’t work on Android, pretty visible since it freezes the Chrome GUI for a few seconds).”

While it is not uncommon for Capture The Flag participants to find zero-day vulnerabilities during competitions, the fact that this one was discovered by someone who works for a competing firm certainly makes for an interesting story. Whether or not Gallileo’s reasons for not telling Google are genuine, one cannot help but wonder whether the decision was made simply because the individual felt some form of loyalty to Apple.
