Google has announced that it has increased the payouts for security flaws reported through its Vulnerability Reward Program, particularly for Google Chrome.
The maximum reward for a single bug now exceeds $250,000, more than doubling the previous amount. The increase is intended to incentivize high-quality reporting and deeper research into Chrome vulnerabilities, with the aim of exploring them to their full impact and exploitability potential. The company has also more than doubled reward amounts for MiraclePtr bypasses to $250,128 from $100,115. Google will reward reports for various classes of vulnerabilities depending on their quality, impact, and potential harm to Chrome users.
All reports are still eligible for bonus rewards when they include applicable characteristics. Additionally, the Play Security Reward Program will close for submissions of new reports at the end of August due to a decrease in the number of actionable vulnerabilities reported. Furthermore, Google has launched kvmCTF, a new VRP first unveiled in October 2023 to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor, offering $250,000 bounties for full VM escape exploits.
Since launching its Vulnerability Reward Program in 2010, Google has paid over $50 million in bug bounty rewards to security researchers who reported more than 15,000 vulnerabilities.
Original story: https://www.bleepingcomputer.com/news/google/google-increases-chrome-bug-bounty-rewards-up-to-250-000/
