Did you have any slightest idea that you can earn bigger bucks by becoming a digital bounty hunter?
Since 2010, Google has paid anyone who reports a bug in the Chrome browser. If becoming a digital bounty hunter sounds like a sweet gig, Google is upping the reward. Highlights include tripling the maximum baseline reward from $5,000 to $15,000 and doubling the maximum reward for a “high quality report” from $15,000 to $30,000, according to a Chrome Security blog post.
Chrome OS also increased its standing reward to $150,000 for “exploit chains that can compromise a Chromebook or Chromebox with persistence in guest mode.” Security bugs found in firmware and lock screen bypasses also generate rewards, Google said Thursday.
“The additional bonus given to bugs found by fuzzers running under Chrome Fuzzer Program is also doubling to $1,000,” the blog post said.
Of course, Google has specific rules about what qualifies as a “high quality report,” which it details on its page.
Google Play isn’t left out. Rewards for remote code execution bugs have increased from $5,000 to $20,000, theft of insecure private data from $1,000 to $3,000, and access to protected app components from $1,000 to $3,000, the company said.
If you “responsibly” disclose vulnerabilities to participating app developers, you’ll get a bonus, according to Google. You can read more about the program to learn more and see which apps qualify.
Since the Chrome Vulnerability Rewards Program’s creation in 2010, Google said, people have reported over 8,500 bugs and Google has paid out over $5 million. As of February of this year, the company had paid out over $15 million across all of their bug bounty programs.
For reference, the old table is one below this paragraph and the increased Chrome bug bounties list at the bottom:
