The Google Chrome Vulnerability Rewards Program was released in 2010, and says it received no less than 8,500 reports since then.
Furthermore, the bounties that were offered as part of the program totaled more than $ 5 million.
Now Google is willing to pay even more for Chrome security vulnerabilities, so the maximum amount of reward baselines is increased from $ 5,000 to $ 15,000. Furthermore, the top bounty is now $ 30,000, up from $ 15,000.
Bigger Chrome OS bounties
According to the new reward amounts, if you report a sandbox escape or memory corruption in a non-sandboxed process, you qualify for a bounty between $ 5000 and $ 15,000. At the same time, if your submission is considered a high-quality report, the payment is increased to $ 20,000. Adding a functional exploit in your submission brings a total reward of $ 30,000.
There are also bounties targeting changes offered by Google for Chrome OS vulnerabilities.
"On Chrome OS we're increasing our standing reward to $ 150,000 for exploit chains that can compromise a Chromebook or Chromebox with persistence in guest mode. "Security bug in firmware and lock screen bypasses also get their own reward categories," Natasha Pabrai and Andrew Whalley, Chrome Security Team, say.
The Chrome rewards program is available for Chrome on Windows 7, Windows 8.1, Windows 10, MacOS10 v10.10 +, Linux, Android 4.4+, iOS 7+ and to the current versions of Chrome OS.
The full payments for Chrome bugs are detailed in the table below.
|High-quality report with functional exploit||High-quality report||Baseline|
|Sandbox escape / Memory corruption in a non-sandboxed process||$30,000||$20,000||$5,000 - $15,000|
|Universal Cross Site Scripting||$20,000||$15,000||$2,000 - $10,000|
|Renderer RCE / memory corruption in a sandboxed process||$10,000||$7,500||$2,000 - $5,000|
|Security UI Spoofing||$7,500||N/A||$500 - $3,000|
|User information disclosure||$5,000 - $20,000||N/A||$500 - $2,000|
|Web Platform Privilege Escalation||$5,000||$3,000||$500 - $1,000|
|Exploitation Mitigation Bypass||$5,000||$3,000||$500 - $1,000|
This article has been published in Softpedia with the title A Critical Google Chrome Security Can Now Bring You Bug No Less than $ 30,000