Since 2010, Google has offered money to users who find and report bugs in Chrome. If being a digital bounty hunter sounds like a sweet gig, Google is upping the reward.
Highlights include tripling the maximum baseline reward amount from $5,000 to $15,000 and doubling the maximum reward amount for high quality reports from $15,000 to $30,000, according to a release from Chrome Security.
Chrome OS also increased its standing reward to $150,000 for exploit chains that can compromise a Chromebook or Chromebox with persistence in guest mode. Security bug in firmware and lock screen bypasses also get its own reward categories, according to Google.
“The additional bonus given to bugs found by fuzzers running under Chrome Fuzzer Program is also doubling to $1,000,” the release said.
Of course, Google has specific rules about what qualifies as a “high quality report,” which it details on its page. You can also read more about the reward money.
Google Play isn’t left out of the rewards either. Rewards for remote code execution bugs have increased from $5,000 to $20,000, theft of insecure private data from $1,000 to $3,000, and access to protected app components from $1,000 to $3,000, the release said.
If you “responsibly” disclose vulnerabilities to participating app developers, you’ll get a bonus, according to Google. You can read more about the program to learn more and see which apps qualify.
Since the Chrome Vulnerability Rewards Program’s creation in 2010, users have reported over 8,500 bugs and Google has paid over $5 million.
Source: Cnet.com
