A remarkable dispute has started between technology giants Google and Apple. Google said that Apple's cybersecurity experts identified a vulnerability in Chrome, but that no action was taken on it because they did not report it. Moreover, Google paid a reward of 10 thousand dollars to another cybersecurity expert who detected the already known vulnerability afterwards.
According to Google's statement, the vulnerability in Chrome was detected during the HXP CTF 2022 events by a cybersecurity researcher named "Gallileo" who works for Apple. Because it was not reported, no work was carried out on the vulnerability in question. However, another competitor participating in the same event also detected the vulnerability: the researcher named "Sisu" brought it to light.
So why didn’t the Apple employee report the vulnerability to Google?
This part is a little confusing. TechCrunch came across a statement on Discord by the Apple employee who goes by the codename Gallileo. According to Gallileo, the vulnerability was not that significant, and it took two weeks to prepare a report on it. The employee, who shared the report he prepared with Apple, said that the vulnerability was reported to Google on June 5th. However, the zero-day vulnerability detected at the HXP CTF 2022 events had actually been closed on March 29.
Apple has not made an official statement on the matter. Google, for its part, is happy to have closed the vulnerability in spite of Apple. Cybersecurity researchers, however, are troubled by what happened. After all, zero-day vulnerabilities are critical for all users. Moreover, under its own security policies, Apple immediately reports the security vulnerabilities it finds. It remains a mystery why the vulnerability detected in Google Chrome was not reported, why the employee did not act on his own, and why he passed up 10 thousand dollars…