Google has ramped up the maximum reward on the table for white hat hackers seeking bugs in the company’s Chrome browser.For some time Google has offered monetary bounties to users who discover bugs and vulnerabilities in Chrome, and now they’re upping the max reward by a factor of three.
As Chrome security vulnerabilities are becoming harder to find, Google says it wants to “recognize the extra effort it takes to uncover vulnerabilities,” and so has increased the reward range of the bug bounty program from a maximum of $5,000 to $15,000.
The standard reward range is now $500 to $15,000, depending on the severity of the security flaw. However, the firm says that “particularly great reports” could be eligible for more — as shown when Google awarded a researcher $30,000 in August for reporting severe exploits which could be used to circumvent the Google Chrome sandbox. In addition, rewards are based on whether an exploit could impact on large numbers of users.
“As Chrome has become more secure, it’s gotten even harder to find and exploit security bugs,” Google wrote in a blog post. “This is a good problem to have!”
Users who discover new Chrome bugs will also have their names added to a new Hall of Fame page.
It should be noted that Google has always reserved the right to hand out as much cash as they feel like to these hunters. As the company points out, they gave someone $30,000 in September “for a very impressive report.”
Hopeful code sleuths can head to Google’s Chrome security hub for more details on exactly how to eke the most cash out of their discoveries.