Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Google boosts flaw bounties to $5,000 on Chromium program

Vulnerability inflation

Article comments

Google is upping the rewards it offers to bug hunters on its Chromium Vulnerability Rewards (VRP) program to $5,000 (£3,250) for those previously rated at $1,000, the firm has announced.

Nearly three years after it started handing out money to researchers on this program, Google has gradually increased the sums it offers for those wanting to make it  on to its 'Hall of Fame' list.

Judging from the list, a small elite of researchers is already making a tidy living from the rewards.

As for the higher sums, “In many cases, this will be a 5x increase in reward level! We’ll issue higher rewards for bugs we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity,” said Google’s Chris Evans.

Google currently has three types of bug rewards; the Chromium VRP, the highly-rewarded and more critical Web VRP, and the sums it hands out at the public CanSecWest Pwnium contest.

In total, Google had handed out over $2 million across these schemes, split evenly between the Chromium/Pwnium track and the Web VRP, it said.

It’s the second increase in as many months with Google in June boosting the money on offer for critical cross-site scripting (XSS) flaws and those affecting its own programs by about the same factor.

Despite the optimistic enthusiasm of the latest announcement, the higher rewards are probably linked to lower submission rates. Last August, the firm raised bounties generally, saying it planned to offer much larger sums to specific types of serious flaw.

It remains true that bug hunters can get larger rewards by offering significant flaws to other vendors.

Earlier this year Google paid out a record $31,000 bug bounty to a University of Luxembourg researcher for spotting flaws in the O3D JavaScript API.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *