Google’s Vulnerability Reward Program paid out a whopping $10 million to over 600 researchers for bug bounties in 2023.
In a post the Google Online Security Blog’s “Year in Review”, the Mountain View firm detailed the specifics of this sizeable sum. 632 researchers in 68 countries were rewarded for finding vulnerabilities within Android, Wear OS, Android Automotive, Chrome, and many more Google products. For those wondering, the single highest bounty was a staggering $113,337.
Android bugs and vulnerabilities accounted for $3.4 million. Google even increased the reward for critical vulnerabilities in our favorite mobile OS’s maximum to $15,000 last year.
Chrome bug bounties added up to another sizeable $2.1 million for Google in 2023, accounting for 359 unique reports within the web browser. Increased rewards were offered for V8 bugs in older Chrome builds. The result was fewer long-standing problems and reports of issues but the resolution of a V8 JIT optimization bug that has been around since Chrome M91 released back in May 2021.
50 bugs and vulnerabilities were also found in Fitbit and Nest products and hardware. Although a much smaller proportion of Google’s business, $116,000 was paid out in bounties for bugs found here.
LLMs are also now included within Google bug bounty program. The firm highlighted a live-hacking event “Hacking Google Bard” and even paid out bounties to the tune of $87,000. Given the rapid ongoing development of AI, specific criteria for bugs in AI products have been published to help researchers pinpoint issues and determine what constitutes a “bug” when working with AI products.
Although a huge figure, this is actually dip compared to the $12 million that Google paid for bug bounties in 2022.
More on Google:
- Here are Google’s custom Android pins from MWC 2024 [Gallery]
- Photomath is officially Google’s latest app on the Play Store
- Google’s Pixel is the only phone to do fingerprint and face unlock the right way
FTC: We use income earning auto affiliate links. More.
Comments