• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 24th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Google News

Researcher Identifies Bugs in Google’ Bug Tracker Program

November 2nd, 2017 Uzair Amir Security, Google News 0 comments
Researcher Identifies Bugs in Google’ Bug Tracker Program
Share on FacebookShare on Twitter

A security researcher has identified bugs in Google’s bug tracker platform Issue Tracker. It is indeed ironic that the software intended to deal with unpatched vulnerabilities and bugs during product development itself is loaded with bugs through which the researcher managed to access sensitive internal systems of Google.

Issue Tracker program is to be used by external public and partner users who work with Google’s team on different projects. This program gives access control permissions to users so that they could find, create, view and modify issues for any project.

The researcher Alex Birsan discovered that the Issue Tracker had several vulnerabilities out of which the most critical was the one allowing him to access the company’s internal systems, which were quite sensitive. If this particular vulnerability is exploited, anyone can spy upon Google and access every single vulnerability report sent to Google by users. It would be quite difficult for Google to detect that someone is spying on them.

[q]Researcher Identifies Bugs in Google’ Bug Tracker Program and Receives Cash as Reward[/q]

In a detailed blog post, Birsan explained how he identified the bugs in Issue Tracker. He wrote that by examining the way Issue Tracker handled the communication about a bug he reported, he became suspicious and the further probe revealed that he needed an @google.com email ID for accessing the internal bug database. The address although was useless at the gate but provided him access to other areas and even let him explore Google’s GRide corporate car service.

Then he used a standard method to check the bugs closely, which was that he found bugs in the tracker so that it notifies him about the progress of the software, but it was identified that the software worked only on “translation related conversations.”

Afterwards, Birsan tested the API of Issue Tracker and managed to find a way to receive all details about a bug by requesting it to remove an email ID from an issue thread.

It is worth noting that Google has patched the bugs identified by Birsan and that’s why it is not possible that someone could exploit them. Reportedly, Birsan received a cash reward of $3,133.7, $5,000, and $7,500 for discovering the bugs.

Google’s spokesperson confirmed that Birsan did identify vulnerabilities in Issue Tracker, which have been patched now.

“We appreciate Alex’s report. We’ve patched the vulnerabilities that he reported, as well as their variants,” stated Google’s spokesperson.

[fullsquaread][/fullsquaread]

  • Tags
  • Bug Bounty
  • Google
  • hacking
  • Infosec
  • internet
  • Privacy
  • security
  • Technology
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article Malicious Chrome Extension Steals 'All Posted Data' without Login Credentials
Next article Hackers Stole $150,000 from Cryptocurrency Wallets Using CryptoShuffler Trojan
Uzair Amir

Uzair Amir

I am an Electronic Engineer, an Android Game Developer and a Tech writer. I am into music, snooker and my life motto is 'Do my best, so that I can't blame myself for anything.'

Related Posts
SonicWall hacked after 0-day flaws exploited by hackers

SonicWall hacked after 0-day flaws exploited by hackers

Gamarue malware found in UK Govt-funded laptops for homeschoolers

Gamarue malware found in UK Govt-funded laptops for homeschoolers

Shazam Vulnerability exposed location of Android, iOS users

Shazam Vulnerability exposed location of Android, iOS users

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
SonicWall hacked after 0-day flaws exploited by hackers
Hacking News

SonicWall hacked after 0-day flaws exploited by hackers

56
Massive privacy risk as hacker sold 2 million MyFreeCams user records
Cyber Crime

Massive privacy risk as hacker sold 2 million MyFreeCams user records

113
Gamarue malware found in UK Govt-funded laptops for homeschoolers
Security

Gamarue malware found in UK Govt-funded laptops for homeschoolers

554

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us