Google has decided to increase the minimum reward amount for the Chrome Vulnerability Rewards Program, according to TechCrunch. At the moment, security researchers may receive up to 5,000 dollars for baseline reports, but Google announced that the amount will be 15,000 dollars for high-severity baseline rewards.
Also, the price paid for high-quality reports with functional exploits of the same category increased from 15,000 dollars to 30,000 dollars. The bonus for exploits found via Google's Chrome Fuzzer – a program that lets researchers write automated tests and run them on lots of machines – is also increasing, from $500 to $1,000.
Google is particularly interested in one type of exploit: one that compromises a Chromebook or Chromebox device running in guest mode and that cannot be fixed with a quick reboot. Initially, Google offered a 50,000 dollar reward, but it increased the prize to 100,000 dollars in 2016. Now, you can earn up to 150,000 dollars.
Google also introduced lockscreen bypasses as a new exploit category for Chrome OS rewards. Anyone who can get around the lockscreen can obtain 15,000 dollars.
According to the company, Google has already paid out more than 5 million dollars through the Chrome Vulnerability Program since 2010, and over 15 million dollars across all the bug bounty programs.
The Google Play Security Reward Program also got an update. The program only covers apps that have specifically opted in. The reward for a remote code execution bug went from $5,000 to $20,000, the one for theft of insecure private data went from $1,000 to $3,000, and the reward for accessing protected app components went from $1,000 to $3,000.
Thus, Google will show more appreciation for all the security researchers who help ensure the security of its product. The changes have already taken effect, so you have a chance to earn money!
Ensuring security is one of the hardest aspects of maintaining a cross-platform product. As vulnerabilities can be exploited on various platforms in various scenarios, it’s almost impossible for almost any company’s security department to fix all of them on its own. That’s why companies often use vulnerability disclosure rewards programs, which means giving money to someone who finds an issue in their product. Google has several programs of this kind, and the Chrome Vulnerability Rewards Program rewards security researchers for exploiting vulnerabilities in Chromium, Chrome, and Chrome OS. For the company, the security of this product is crucial, as there are a lot of Chromium-based browsers on the market.