ImageCache

Google is increasing the bounty it pays to security researchers who discover and report bugs in Chromium by up to 500 percent after announcing that it has paid out a combined total of $2M in bug bounties across Chromium and Google-owned websites in just three years.

Today, the Chromium program is raising reward levels significantly. In a nutshell, bugs previously rewarded at the $1,000 level will now be considered for reward at up to $5,000. In many cases, this will be a 5x increase in reward level! We’ll issue higher rewards for bugs we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity. We will continue to pay previously announced bonuses on top, such as those for providing a patch or finding an issue in a critical piece of open source software.

This follows earlier similar increases for reporting website vulnerabilities back in June.

Although the sums of money offered for reporting vulnerabilities are substantially lower than could be made by selling the info on the black market to those who would use it for nefarious reasons, the thinking behind bug bounties is it encourages those who would never dream of misusing the info to file prompt reports. Many large tech companies offer bug bounties, with Microsoft – a long-time hold-out – joining in a month ago.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Google on YouTube for more news:

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy's favorite gear