A Pakistani security researcher/ethical hacker has won US$ 5,000 in a combined bug bounty for identifying a huge bug in internet browsers Google Chrome and Mozilla Fire
The winner Rafay Baloch was awarded a hefty prize as he identified a spoofing bug, owing to which a hacker could display whatever URL in address bar and the rest of the content would be controlled by them. In other words, Facebook.com would display their fake login page but the address bar would say facebook.com.
So when someone enters the page, he is actually taken to the hackers webpage. The bug exists in many browsers apart from Chrome and Firefox that are used by 75 percent internet users.
Baloch said that Chrome and Firefox will fix the issue. However, because the flaw exists in other browsers, he refrained from disclosing the flaws as part of a responsible disclosure policy.
Rafay is an acclaimed bug reporter and security expert. He is an active participant is bug bounty programs and is listed in large number of hall of fame including Google, Facebook Microsoft, Twitter, Dropbox etc
