Security researcher found bugs in Google's bug tracker


San Francisco, Nov 1 (IANS): A security researcher has discovered bugs in Google's platform that deals with bugs and unpatched vulnerabilities, leading him to gain access to the company's sensitive internal systems.

According to a report in Motherboard in Wednesday, Alex Birsan found vulnerabilities inside the Google Issue Tracker - used internally to track bugs and feature requests during product development.

The largest one of these was one that allowed the researcher to access the internal platform at all. The company has quickly patched the bugs found by Birsan and there's no evidence anyone else found the bugs and exploited them, the report added.

Birsan found three bugs in the platform.

"Exploiting this bug gives you access to every vulnerability report anyone sends to Google until they catch on to the fact that you're spying on them," Birsan told Motherboard.

"They are all patched now and he received rewards of $3,133.7, $5,000, and $7,500 for reporting them to Google," the report said.

Issue Tracker is available outside of Google for use by external public and partner users who need to collaborate with Google teams on specific projects.

The platform has access control permissions that govern which users can find, view, create and modify issues for each project.

"We appreciate Alex's report. We've patched the vulnerabilities that he reported, as well as their variants," a Google spokesperson was quoted as saying.

  

Top Stories


Leave a Comment

Title: Security researcher found bugs in Google's bug tracker



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.