Google has several different vulnerability rewards programs tied to different products, and it pays out huge sums each year to researchers find these security bugs. This, in turn, protects users from data theft and other nefarious activity, so it's good to see that Google is increasing the bounties for its Chrome Vulnerability Rewards Program.
The scheme has been in place since 2010 and has garnered more than 8,500 reports since then. To reward that hard work, over $5 million has been paid out, and Google is likely to pay out even greater sums in the future with the new rewards in place. The maximum figure for a high-quality report is increasing from $15,000 to $30,000, while the baseline goes from $5,000 to $15,000. The Chrome Fuzzer Program reward amount is also being doubled to $1,000. The biggest sum on offer is for finding a Chrome exploit chain — this will net you up to $150,000.
A fresh clarification of what is considered a high-quality report — as well as further details on the program in general — can be found on Google's Application Security site. Bug categories that should be used by reporters have also been updated. If you want to file a report, the place to do that is the Chromium Bug Tracker. For more information about all of this, hit the source link below. At the same time, the Google Play Security Reward Program is also increasing its payouts, with up to $20,000 now on offer. It's seemingly a good time to be a security researcher.