Google paid $6.7 million in reward money last year to security researchers from around the world who found vulnerabilities in Chrome, Android, and other Google technologies.
The amount is the highest Google has paid out under its Vulnerability Research Program (VRP) since launching it in 2010. In fact, the reward money it paid in 2020 is almost double the $3.4 million it paid bug hunters in 2019.
Researchers who disclosed vulnerabilities in Chrome collected about one-third ($2.1 million) of the total reward money that Google handed out last year. The amount represented an 83% increase over what the company paid for Chrome bug discoveries in 2019.
Much of that increase stemmed from Google’s decision to bump up rewards for researchers who discover Chrome vulnerabilities. In July 2019, the company tripled the minimum amount available under the Chrome VRP from $5,000 to $15,000. It also bumped up the maximum award for high-quality bug reports with exploits from $15,000 to $30,000.
A similar increase in rewards for Android vulnerabilities resulted in Google paying out about $1.74 million to security researchers last year. It also resulted in Google's VRP team receiving submissions for as many as 13 working exploits against Android bugs. Among them was what Google Thursday described as a one-click remote exploit targeting recent Android devices and others in a preview version of Android 11. Google also awarded bounties to researchers who discovered vulnerabilities in some of its other technologies, including Google Play and V8.
In addition to awards for vulnerability discovery, Google also rewarded researchers who reported what the company describes as "abuse risks" in its products. For example, Google points to methods that would allow someone to manipulate the rating of a Google Maps listing by su ..
Support the originator by clicking the read the rest link below.
