google chrome

Nine years and more than 8,500 security bug reports later, Google has decided to increase the payouts of its Chrome Vulnerability Rewards program for security vulnerabilities.

The maximum baseline reward has increased to $15,000, with a ceiling of $30,000 for high-quality reports on current security vulnerabilities, twice as much as previously.

Chrome OS bug bounty rewards

The Google Chrome bug bounty program has expanded over the years to include full chain exploits for the same-named operating system of Chromebooks and Chromeboxes.

The program rewards valid bugs that can be used to escape integrated isolated containers, firmware vulnerabilities (processors, built-in controllers, and H1), flaws that may subvert the verified boot mechanism and lead to persistence, and lock screen problems that can be used to circumvent it.

| Report type | High-quality report with proof of concept/exploit | High-quality report | Baseline |
|---|---|---|---|
| Sandbox escape and Firmware | $30,000 | $20,000 | $5,000 – $15,000 |
| Lockscreen bypass | $5,000 – $15,000 | | |
| Chrome OS Persistence | $5,000 – $15,000 | | |

Google’s standing reward has also increased for researchers who are able to compromise a Chromebook or Chromebox with persistence in guest mode; this means “guests with interim reboots, delivered through a Web page,” with $150,000 now available. Earlier this had been limited to $100,000.

Fuzzer and patch bonuses

The Chrome Vulnerability Rewards program also covers the Chrome fuzzer program, which allows researchers to run their own fuzzers on Google’s hardware and receive the full reward for any bugs they uncover.

Google also lists a bonus, which has doubled to $1,000. In addition, another bonus goes to researchers who submit a patch for the vulnerability they have found; the payment can vary from $500 to $2,000 depending on quality and complexity.

As the table below shows, the payment bumps apply across the board.

| Report type | High-quality report with functional exploit | High-quality report | Baseline |
|---|---|---|---|
| Sandbox escape / Memory corruption in a non-sandboxed process | $30,000 | $20,000 | $5,000 – $15,000 |
| Universal Cross Site Scripting | $20,000 | $15,000 | $2,000 – $10,000 |
| Renderer RCE / memory corruption in a sandboxed process | $10,000 | $7,500 | $2,000 – $5,000 |
| Security UI Spoofing | $7,500 | [treated as a functional exploit] | $500 – $3,000 |
| User information disclosure | $5,000 – $20,000 | [treated as a functional exploit] | $500 – $2,000 |
| Web Platform Privilege Escalation | $5,000 | $3,000 | $500 – $1,000 |
| Exploitation Mitigation Bypass | $5,000 | $3,000 | $500 – $1,000 |

The Chrome Vulnerability Rewards program was created in 2010 and has paid over $5 million to researchers for security bugs.
