Google is increasing the rewards in its bug bounties program, as it tries to make its software more secure. The search company is updating its reward pricing range to between $500 and $15,000 per bug, up from the previous maximum of $5,000 for a high-quality report, with an increased focus on discovering potential vulnerabilities within the Chrome browser.
In order to get the $15,000 figure, the Chrome Rewards support page states the applicant must demonstrate a “Sandbox Escape” with a reliable exploit that “demonstrates that the bug reported can be easily, actively, and reliably used against our users.” Rewards on the higher end of the scale will be provided to researchers able to demonstrate a “specific attack path,” with Google adding the option for the vulnerability to be submitted first, followed by a working exploit later. A new Hall of Fame page has also been created, identifying and thanking the successful submitters.
Though active from now on, Google is also making an effort to appease already-rewarded researchers. Valid submissions from July 1st of this year will earn the creators a back payment at the increased reward levels.
