Chrome Bug Hunters Can Earn Up To $250,000 For Serious Vulnerabilities Now – Here’s How
Source: ZDNet, Cesar Cadenas, Staff Writer
Photo: Yasin Baturhan Ergin/Anadolu via Getty Images
Google is bumping up the cash prizes for its Vulnerability Reward Program across all of its current categories.
It’s unfortunate that as technology improves, so do the threats. Bad actors are constantly on the hunt for new ways to exploit unintended or overlooked flaws. Google, recognizing this issue, has updated the reward structure for its Chrome Vulnerability Reward Program (VRP) in an effort to incentivize “deeper security research.”
The money bug hunters can earn moving forward is much higher than before. Now the most you can win on a single issue is $250,000. To earn this bounty, you must perform two important tasks. First, you’ll need to locate a memory corruption bug inside a non-sandboxed process.
Memory corruption is when a software’s memory is altered in some way, causing abnormal behaviors. A non-sandboxed process refers to an exploit that can affect all aspects of an app. In this case, the app is Chrome browser. The second criterion is you must provide a “high-quality report” demonstrating remote code execution (RCE). Doing so could net you that quarter of a million dollars. Previously, the maximum amount was capped at $40,000.
From there, the cash prizes decrease as memory corruption bugs become less severe. Demonstrating remote execution in a controlled environment may win you up to $90,000. A report showing active memory corruption could earn you $35,000 max.