Home
Internet
Google Issue Tracker Bug, Now Fixed, Let Anyone See Internal List of Google Vulnerabilities

Google Issue Tracker Bug, Now Fixed, Let Anyone See Internal List of Google Vulnerabilities

By Indo-Asian News Service | Updated: 1 November 2017 14:19 IST

A security researcher discovered bugs in the Google Issue Tracker that deals with bugs and unpatched vulnerabilities, allowing potentially anyone to gain access to a full internal list. The bugs have since been fixed by Google.

According to a report in Motherboard in Wednesday, Alex Birsan found vulnerabilities inside the Google Issue Tracker - used internally to track unpatched bugs and feature requests for Google products.

The largest one of these was one that allowed the researcher to access the internal issue tracker. The company has quickly patched the bugs found by Birsan and there's no evidence anyone else found the bugs and exploited them, the report added.

Birsan found three bugs in the platform.

"Exploiting this bug gives you access to every vulnerability report anyone sends to Google until they catch on to the fact that you're spying on them," Birsan told Motherboard.

"They are all patched now and he received rewards of $3,133.7, $5,000, and $7,500 for reporting them to Google," the report said.

Issue Tracker is available outside of Google for use by external public and partner users who need to collaborate with Google teams on specific projects.

The platform has access control permissions that govern which users can find, view, create and modify issues for each project.

"We appreciate Alex's report. We've patched the vulnerabilities that he reported, as well as their variants," a Google spokesperson was quoted as saying.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.