August 28, 2024 at 02:09PM
Google significantly increases rewards for Chrome browser vulnerabilities through its VRP. Researchers may now earn up to $250,000 for a single issue, with the highest payouts for memory corruption bugs in non-sandboxed processes. Additional rewards are possible for specific exploit conditions. Google also offers rewards for other vulnerability classes based on quality and potential impact.
Based on the meeting notes, Google has announced a significant increase in rewards for Chrome browser vulnerabilities reported through its Vulnerability Reward Program. The highest payout for a single issue has been increased to $250,000, with additional rewards available under specific conditions. These include rewards for memory corruption flaws, controlled write in non-sandboxed processes, and remote code execution (RCE) in sandboxed and non-sandboxed processes. Google has also specified rewards for other classes of vulnerabilities such as client-side flaws and site isolation bypasses.
The company has taken this step to incentivize deeper research into the consequences of these issues and to encourage security researchers to report high-quality vulnerabilities that may impact Chrome users. The rewards for specific vulnerabilities have been significantly increased, with bonus rewards available for reports that meet certain criteria. This initiative aims to bolster the security of the Chrome browser and address potential vulnerabilities that may pose a threat to users.