Time: 2024-07-15
Google has recently announced a significant increase in payouts for bugs discovered in its systems and applications through its Vulnerability Reward Program. The new maximum bounty for a single security flaw has been raised to $151,515, representing a fivefold increase from previous rewards. The tech giant stated that as its systems have become more secure over time, it has become increasingly challenging to find bugs, prompting the update in reward amounts.
The updated Reward Amounts section of the Google VRP rules outlines the changes in reward amounts and the new payout structure. For instance, the new highest reward now combines $101,010 for a Remote Code Execution (RCE) in their most sensitive products with a 1.5x modifier for exceptional report quality, resulting in the $151,515 maximum bounty. Only vulnerability reports submitted from July 11th onward will be eligible for the new rewards table. Additionally, Google has expanded payment options, giving security researchers the option of receiving payments through Bugcrowd.
In recent Google VRP developments, the company introduced kvmCTF, a new program focused on improving the security of the Kernel-based Virtual Machine (KVM) hypervisor. This initiative aims to address VM-reachable bugs in the KVM hypervisor and offers a substantial 50,000 bounty for full VM escape exploits. Furthermore, Google had tripled rewards for Chrome sandbox escape chain exploits until December 1st, 2023, a year ago.
Since the launch of its Vulnerability Reward Program in 2010, Google has paid out more than 0 million in bounties to security researchers who reported over 15,000 vulnerabilities. In the past year, the company paid a total of 0 million in rewards, with the highest individual payout amounting to 13,337. Notably, the highest-ever VRP bounty of 05,000 was awarded to gzobqq in 2022 for identifying a series of five critical security bugs in an Android exploit chain. This same researcher had previously reported another significant Android exploit chain in 2021, earning a 57,000 payout.