Google: Apple developer found zero day, failed to report

Google fixes zero-day bug in Chrome found by an Apple employee

Introduction

Google recently fixed a zero-day bug in Chrome that was found by an unlikely source: an Apple employee taking part in a hacking contest. While the bug itself is not unprecedented, the circumstances surrounding its discovery and reporting are fairly unusual.

An unusual discovery

A Google employee revealed that the bug was first found by an Apple employee during a Capture the Flag (CTF) hacking contest in March. However, the Apple employee did not report the bug in a timely manner, even though it was a zero-day vulnerability. Instead, another contest participant reported it, despite not actually finding the bug himself and never being part of the team that found it.

Reporting the bug

The issue, said the Google employee, was reported by Sisu of the CTF team HXP and was located by an Apple Security Engineering and Architecture (SEAR) insider during HXP CTF 2022.

An explanation emerges

After the story was published, a person claiming to be the Apple employee who found the bug shared his side of the story in a Discord channel. He said it took him two weeks of full-time work to set up and build an exploitable proof of concept for the bug. He also said that the delay in reporting the bug was due to the need to find the responsible person and obtain the necessary approval.

No immediate response

Neither the Apple employee nor the bug reporter immediately responded to requests for comment. Apple also did not provide any comment when asked about the situation. Google spokesman Ed Fernandez suggested contacting Apple for further details.

A common occurrence

Filippo Cremonese, a researcher who competes in CTF competitions with the Italian team Mhackeroni, noted that it is common for CTF teams and players to find zero-day vulnerabilities during competitions. Such challenges, and participants who may be high profile, typically disclose bugs of this kind.

A surprising twist

What makes this particular bug discovery interesting is that it was found by an Apple employee in a Google product, and for some unknown reason, they chose not to report it. The person who finally reported the bug mentioned his motivation for doing so: to make sure it was fixed, as they were not sure whether it had already been reported to the Chromium team.

Fix and reward

Google fixed the bug on March 29 and, although the reporter was not the sole discoverer of the bug, awarded a $10,000 bug bounty to the person who reported it.

Conclusion

The story surrounding the discovery and reporting of this zero-day bug in Chrome is full of unusual circumstances. While the bug itself is not extraordinary, the fact that an Apple employee found it in a Google product and chose not to report it is a surprising twist. The quick action Google took to address the bug and reward the reporter shows the importance of timely bug reporting and responsible disclosure.

Frequently Asked Questions (FAQ)

1. Who discovered the zero-day bug in Chrome?

The zero-day bug in Chrome was first found by an Apple employee during a hacking contest.

2. Why didn't the Apple employee report the bug?

The Apple employee did not immediately report the bug for various reasons, including the time it took to find the trigger, build an exploitable proof of concept, and complete the necessary research and approvals.

3. How was the bug reported?

The bug was reported by another hacking contest participant, who was not part of the team that initially found the bug but notified Google to make sure it was fixed.

4. Was there a response from Apple regarding the bug?

No, Apple did not comment when asked about the bug and the circumstances surrounding its discovery.

5. How was the bug fixed in Chrome?

Google rolled out a patch on March 29 to fix the zero-day bug in Chrome.

6. Who received the bug bounty?

Google awarded a $10,000 bug bounty to the person who reported the bug, even though he did not initially find it.
