Google will now pay you some serious dough to find security flaws in Chrome

Chrome
(Image credit: Shutterstock)

Google has announced plans to triple the amount of cash available to those submitting their findings to its Vulnerability Reward Program (VRP) for Chrome in certain circumstances, with pots of up to $180,000 available until the start of December 2023.

In a press release, the browser maker said the first security bug report received with a functional full chain exploit, resulting in a Chrome sandbox escape, would be eligible for triple the regular full reward amount, which means $165,000-$180,000 could be on the cards.

On top of that life-changing sum, further bonuses could be potentially available. Furthermore, subsequent full chains submitted to Google via the VRP could be eligible for double the full reward amount (or $110,000-$120,000).

Google offers $180,000 to find Chrome bugs

Google explained that, to qualify for the largest sum of money, “exploitation must be able to be performed remotely and no or very limited reliance on user interaction.”

They should also be functional in an active release channel of Chrome, not a previous version, though this can include Dev, Beta, Stable, and Extended Stable channels.

According to the Chrome VRP page by Google’s Bug Hunters, further bonuses could be issued for identifying the earliest major release or oldest active release channel impacted by the vulnerability, for identifying the commit responsible for the vulnerability, and a handful of other reasons.

The VRP page also details how successful candidates who don’t wish to keep their reward can have it donated to charity in a process where Google will consider doubling the value as part of a charitable offering.

Full details of the Chrome Vulnerability Reward Program are available on Google’s dedicated website.

TOPICS
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Read more
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
A woman at a table using a Windows laptop, opposite sits a man, neither show their face
Microsoft will now pay you even more to find security bugs in Copilot
Facebook on laptop
Researcher nets major reward for finding Facebook bug able to unlock the gates to its internal systems
A finger touching the google chrome icon in the Windows 10 start menu
A new Chrome browser highjacking attack could affect billions of users - here's how to fight it
chrome firefox extensions
Google Chrome extensions hit in major attack - dozens of developers affected, so be on your guard
the YouTube logo on a screen in front of other YouTube logos covering a black background
Worrying YouTube security flaw exposed billions of user emails
Latest in Security
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
person at a computer
Many workers are overconfident at spotting phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Data Breach
Thousands of healthcare records exposed online, including private patient information
Latest in News
Panos Panay and Alexa Plus
Amazon's Panos Panay teases future Alexa+ devices from speakers to possible wearables
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments