Today, Google announced that it is now offering more money to its security researchers under Chrome bug bounty program. The maximum reward price has been increased from $5000 to $15000.
This is the new reward program details
High-quality report with functional exploit | High-quality report | Baseline | Low-quality report | |
---|---|---|---|---|
Sandbox Escape | $15,000 | $10,000 | $2,000 – $5,000 | $500 |
Renderer Remote Code Execution | $7,500 | $5,000 | $1,000 – $3,000 | $500 |
Universal XSS (local bypass or equivalent) | $7,500 | $5,000 | N/A | N/A |
Information Leak | $4,000 | $2,000 | $0 – $1000 | $0 |
Google always tries to keep its users safe. And this is not possible without the help of community of security researches. Google also confirmed that it has patched more than 700 Chrome security bugs and paid around $1.25 million to security researches under this bug reward program. Now it is harder to find and explit security bugs. So, it has increased the maximum reward amount to incourage users to contribute in this security program.
Google also said that this maximum amount of pay will be increased if a researcher have found something very impressive. Chrome reward receipients will also be listed on Google Hall of Fame lost.
Google also confirmed that it will back-pay for valid submission from July 1, 2014.