Google increases their bug bounty reward to a record $30,000 for white hat hackers that discover vulnerabilities in the Chrome browser.
More serious vulnerabilities, such as those that result in persistence in the browser, can fetch up to a $150,000 reward.
In a post on the Google Security blog, Google indicates they will increase the reward for finding vulnerabilities in the flagship browser. This is an increase from the original amount of $15,000.
When Google increases their bug bounty, it raises the bar for other bug bounty programs available to penetration testers.
“Chrome has always been built with security at its core, by a passionate worldwide community as part of the Chromium open source project,” says Google in a statement.
Despite the increased bug bounty limit, a security researcher must submit a ‘high quality report’ to receive the full $30,000. Google defines such a report as one that:
- demonstrates root cause
- demonstrates the likelihood of exploit
- and provides a suggested patch
According to Google, the paid bug bounty program, which began in 2010, has paid out more than $5 million for over 8,500 reports for Chrome alone. Google has paid out more than $15 million across all Google bug bounty programs.
This has resulted in an astounding number of vulnerabilities getting patched that could have otherwise been used to cause harm.
Speaking of vulnerabilities, there are over 800,000 systems still vulnerable to BlueKeep.
Do you think we will have to wait long before Google increases their bug bounty again? Leave a comment below!