Google bug bounty payments hit nearly $12 million in 2024


  • Google bug bounties see 660 researchers get a share of $11.8 million in 2024
  • Chrome and Android VRPs were lucrative
  • Google’s VRP program turns 15 next year

Google has revealed it paid out $11.8 million in bug bounties in 2024, with payments going out to 660 security researchers, equating to a theoretical average of around $18,000 each.

Its highest payout in 2024 was $110,000, with its total payout to date now standing at $65 million since 2010.

Chrome researchers and those revealing vulnerabilities in Android and other Google Devices accounted for around half of 2024’s payouts, marking the company’s commitment to security within its most popular devices.

Google paid out $12 million in bug bounties last year

Changes to the reward structures last year raised the maximum payouts: the Google VRP now pays up to $151,515, the Mobile VRP up to $300,000, the Cloud VRP up to $151,515, and Chrome awards up to $250,000.

In a blog post, Google's Dirk Göhmann said researchers contributing to the Android and Google Devices Security Reward Program and the Google Mobile Vulnerability Reward Program got over $3.3 million in rewards in 2024, adding that 8% fewer reports were logged. However, the company did see a minor 2% increase in critical and high vulnerabilities.

A total of 337 unique reports were made to the Chrome VRP – 137 received rewards totalling an additional $3.4 million.

Google also celebrated the launch of a new category – 2024 was its first full year of AI bug bounties, but payouts remained relatively low, at $55,000.

Other successes include two bugSWAT events and four init.g workshops to support the next generation of security researchers.

Looking ahead, Göhmann noted the company will be celebrating 15 years of VRP in 2025 – it’s unclear whether any changes will be made to its VRPs to commemorate this milestone.

Göhmann added: “We want to send a huge thank you to our bug hunter community for helping us make Google products and platforms more safe and secure for our users around the world – and invite researchers not yet engaged with the Vulnerability Reward Program to join us in our mission to keep Google safe!”

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
