Skip to main content

Apple employee reportedly didn’t tell Google about zero-day exploit found in Chrome

Avatar for Filipe Espósito  | Jul 20 2023 - 12:46 pm PT
6 Comments
Apple Safari and Google Chrome

As we often report here, it’s common for tech companies to help each other improve their security systems by sharing zero-day exploits found by security researchers. Google, for example, does this a lot. But recently, an Apple employee reportedly found a zero-day exploit in Google Chrome – and that bug was never reported to Apple by that person.

Apple didn’t tell Google about exploit found in Chrome

A recent update to the Google Chrome web browser fixes a zero-day exploit. And as companies usually describe who discovered the exploit and how it was fixed, the description of this one was somewhat intriguing. That’s because, according to a Google employee, the exploit was originally found by an Apple employee.

More specifically, the bug was found when the Apple employee was participating in a hacking competition known as “Capture The Flag,” or “CTF,” in March. When found, the exploit was a zero-day – meaning no one was aware of it until that moment. But while Google has now fixed that exploit, it wasn’t thanks to Apple’s security researcher.

“This issue was reported by sisu from CTF team HXP and discovered by a member of Apple Security Engineering and Architecture (SEAR) during HXP CTF 2022,” the Google employee wrote in a blog dedicated to the Chromium platform (via TechCrunch).

TechCrunch’s report had access to a Discord channel where a person claiming to be the Apple employee who found the bug said “there wasn’t any real urgency” to fix the exploit immediately. The person explained that only Apple’s security research team knew about the exploit and that it’s not easily accessible in a real-world scenario.

Furthermore, the employee claimed that the exploit was reported to Google on June 5 and that the delay was due to the time it took for multiple people to sign off on the report.

iOS 16.5.1 security exploit | Purple iPhone wallpaper featuring Apple logos and iPhone 14

What do both companies have to say?

Neither the employees, Apple, nor Google commented on the situation to the press. But, of course, this could end up causing some disagreement between the two companies’ security teams. Earlier this year, Apple thanked Microsoft for finding an exploit that could lead to the bypassing of System Integrity Protection in macOS.

Google Project Zero researchers are also often given credit for finding zero-day exploits on Apple platforms.

Read also

Add 9to5Mac to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:

Comments

Guides

Google

Google
Security

Security

Author

Avatar for Filipe Espósito Filipe Espósito

Filipe Espósito is a Brazilian tech Journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing