Google recently announced that it will be doubling the maximum reward for its Chrome bug bounty program. To mark the 16th anniversary of the Chrome browser’s launch and the 14th anniversary of the Vulnerability Reward Program (VRP), Google is increasing the maximum reward to $250,000 for security researchers who discover and report critical vulnerabilities.
According to a blog post by Google, the VRP program is being enhanced to incentivize high-quality reporting and more in-depth research into Chrome vulnerabilities. Remuneration of up to $250,000 will be granted for demonstrating remote code execution in a sandbox-free process. Apart from memory corruption bugs, reports of other vulnerabilities will also be reviewed, with rewards ranging from $1,000 to $30,000 based on severity.
Starting from Chrome 128, reporting a vulnerability that circumvents the MiraclePtr protection mechanism could potentially earn up to $250,128, which is more than double the previous reward of $100,115.
This announcement underlines Google’s unwavering commitment to strengthening the security of its popular Chrome browser and aims to encourage active participation from the security community in identifying and addressing vulnerabilities.
This is not the first time Google has bolstered the VRP program’s rewards. Earlier this summer, the company also increased the reward for certain reports of remote code execution vulnerabilities to over $150,000.
