Google Increases Maximum Cash Reward to Chrome Bug Hunters to $15,000
Google is offering bigger rewards to researchers who can discover and report existing exploits within its Chrome browser. The giant search engine has just increased the maximum of its bounties by threefold. That means that researchers can now possibly earn up to $15,000 at most for reporting bugs, up from the previous maximum worth $5,000.
The company’s bug bounty now starts at $500 for each bug. The maximum reward would be awarded depending on the severity of the exploit. Bug hunters could earn higher is they could prove that the bugs they discovered could massively attack its end users.
Just fair for the challenge
In a blog post, the Chrome security team emphasized that the reward increase is in recognition of the added effort required to discover possible vulnerabilities in the browser. The increase is deemed appropriate as the task to uncover bug in Chrome gets even more difficult.
The team disclosed that since the start of its bounty program, it has already squashed over 700 security bugs in Chrome. Overall, it has paid over $1.25 million as combined reward amount to researchers who found and reported those exploits.
Thus, the current Chrome could be considered as more secure. It would be much more difficult to find and even exploit security bugs in the browser. The increase in the reward offered is therefore commensurate to the level of difficulty in finding any of still remaining bugs, if there are still any.
Finding bug before enemies do
Google is also making sure it would find out about the bugs and fix those before the black market does. The company obviously would not want independent researchers to send information about vulnerabilities to professional brokers or hackers.
There is also a modification to the way the process works. Researchers are even given the option to send vulnerability information first and then follow up with the exploit later. This is another strategy, according to the Chrome team, to ensure that it would be able to patch those bugs earlier and possibly prevent submissions of duplicate reports. Contributors could claim their rewards after.