Google Chrome Bug Found by Apple Employee, Left Unreported: Report

In an unusual twist of events, Google has recently addressed a zero-day bug in Chrome that was initially discovered by an Apple employee. The manner in which this bug was discovered and reported has proven to be quite extraordinary.

The bug first came to light during a Capture The Flag (CTF) hacking competition in March, with the Apple employee being the first to spot the issue.

However, contrary to what might be expected, this employee did not bring the bug to Google’s attention. Instead, another participant in the competition, who was not part of the team that found the bug, eventually reported the issue to Google.

The bug reporter, identified as Sisu from CTF team HXP, submitted the information while the Apple employee, a member of Apple’s Security Engineering and Architecture (SEAR), kept silent.

Further information was uncovered when TechCrunch accessed a Discord channel where an individual claiming to be the Apple employee in question, going by the alias “Gallileo”, explained their delay in reporting the bug.

According to Gallileo, it took them two weeks of full-time work to pinpoint the cause of the bug and write a Proof of Concept exploit. The report, which was submitted through their company on June 5th, had to be signed off by other personnel before it could be handed over to Google.

Gallileo argued that there was no pressing need for the bug to be fixed immediately, as it was only known to a select few and the issue was not significant in real-world scenarios.

Who to believe here? Either way, fixing a zero-day exploit is always a good thing, but in this case it seems some Apple-Google rivalry may have gotten in the way.
