Google increases payments for Chrome bounties

Jul 19, 2019 09:28 GMT

Google has just announced that it is increasing the bounties offered for security vulnerabilities in the Google Chrome browser, with the maximum payment now reaching $30,000.

The Google Chrome Vulnerability Rewards Program was launched in 2010, and the search giant says it has received no fewer than 8,500 reports since then.

Furthermore, the bounties that it offered as part of the program total more than $5 million.

Now Google is willing to pay even more for Chrome security vulnerabilities, so the maximum baseline reward amount is increased from $5,000 to $15,000. Furthermore, the top bounty is now $30,000, up from $15,000.

Bigger Chrome OS bounties

According to the new reward amounts, if you report a sandbox escape or a memory corruption in a non-sandboxed process, you qualify for a bounty between $5,000 and $15,000. If your submission is considered a high-quality report, the payment is increased to $20,000. Adding a functional exploit to your submission brings the total reward to $30,000.

There are also changes targeting the bounties offered by Google for Chrome OS vulnerabilities.

“On Chrome OS we're increasing our standing reward to $150,000 for exploit chains that can compromise a Chromebook or Chromebox with persistence in guest mode. Security bug in firmware and lock screen bypasses also get their own reward categories,” Natasha Pabrai and Andrew Whalley, Chrome Security Team, say.

The Chrome rewards program covers Chrome on Windows 7, Windows 8.1, Windows 10, macOS v10.10+, Linux, Android 4.4+ and iOS 7+, as well as current versions of Chrome OS.

The full payments for Chrome bugs are detailed in the table below.

| Vulnerability category | High-quality report with functional exploit | High-quality report | Baseline |
|---|---|---|---|
| Sandbox escape / Memory corruption in a non-sandboxed process | $30,000 | $20,000 | $5,000 - $15,000 |
| Universal Cross Site Scripting | $20,000 | $15,000 | $2,000 - $10,000 |
| Renderer RCE / memory corruption in a sandboxed process | $10,000 | $7,500 | $2,000 - $5,000 |
| Security UI Spoofing | $7,500 | N/A | $500 - $3,000 |
| User information disclosure | $5,000 - $20,000 | N/A | $500 - $2,000 |
| Web Platform Privilege Escalation | $5,000 | $3,000 | $500 - $1,000 |
| Exploitation Mitigation Bypass | $5,000 | $3,000 | $500 - $1,000 |