An Apple employee discovered a zero-day bug in Google Chrome but did not report it as part of a competition. The bug was, in fact, reported by someone else which was later fixed by Google.
The bug was originally found by an Apple employee who was participating in a Capture The Flag (CTF) hacking competition in March, reports TechCrunch.
However, the Apple employee did not report the zero-day bug, meaning Google wasn’t aware of the bug and no patch had been issued yet.
“This issue was reported by sisu from CTF team HXP and discovered by a member of Apple Security Engineering and Architecture (SEAR) during HXP CTF 2022,” the Google employee wrote in the official Bugs blog.
A Google spokesperson said that their understanding is public in the bug.
“We recommend reaching out to Apple for any further details,” the spokesperson was quoted as saying.
Apple did not comment on the report.
It’s not uncommon for CTF teams and CTF players to find zero-days during such competitions.
This bug was apparently discovered during the course of an independent CTF.
Neither Chrome, Google, or the ANGLE team was made aware of this issue via other sources at or prior to it being disclosed.