Google today recapped the 2020 progress of its Vulnerability Reward Programs (VRPs) across Android, Chrome, and web services. The company touts a “record-breaking payout” of $6.7 million in rewards to researchers.

The previous year saw Google award $6.5 million, while 2020 also saw $280,000 donated to charity. There were 662 paid researchers representing 62 countries with the highest reward coming in at $132,500.

The Chrome VRP totaled $2.1 million across 300 bugs. This is 83% more than 2019 and follows increased amounts. 

Android is ranked next at $1.74 million in rewards. Google allowed researchers to submit issues during the Android 11 Developer Preview. It appropriately received 11 reports totaling over $50,000, with those issues fixed before the public fall release. Meanwhile, 13 working exploit submissions saw Google pay out over $1 million. 

In addition, we launched a number of pilot rewards programs to guide security researchers toward additional areas of interest, including Android Auto OS, writing fuzzers for Android code, and a reward program for Android chipsets. And in 2021, we’ll be working on additional improvements and exciting initiatives related to our programs.

Google Vulnerability Reward 2020

Meanwhile, the Google Play Security and Developer Data Protection Reward Programs awarded $270,000 to Android researchers. The Google Vulnerability Reward’s Abuse program saw twice as many reports in 2020 compared to the previous year, with Google fixing over 100 issues across 60 products.

More about Google security:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author