To secure the widely-used browser, Google has announced updates to its longstanding Chrome Vulnerability Rewards Program (VRP). The initiative, now in its 14th year, rewards security researchers for finding and reporting bugs in the software, with payouts reaching up to $250,000. The revamped reward structure comes as finding significant bugs in Chrome has become more challenging due to continuous security improvements. Google hopes the new system will encourage more thorough research by offering clearer guidelines on how rewards are determined based on the severity and potential impact of discovered vulnerabilities.
At the top of the reward structure, bugs that allow Remote Code Execution (RCE)—a critical vulnerability where malicious code can be run remotely—carry the maximum reward of $250,000. Other significant flaws, such as Controlled Write bugs, which allow hackers to write data to memory, can net researchers up to $90,000. Less severe but still important Memory Corruption bugs are rewarded with payouts of up to $35,000. Even reports that identify memory corruption without full exploitation can still earn up to $25,000, as Google emphasizes the importance of detailed reporting.
The updated program also accounts for other forms of vulnerabilities, not limited to memory issues. High Impact bugs, which are easy to exploit and pose serious risks to users, come with rewards of up to $30,000. Moderate Impact and Lower Impact vulnerabilities offer payouts of $20,000 and $10,000, respectively. Researchers who specialize in specific security features, like bypassing Chrome’s MiraclePtr protection, could earn an even higher reward—up to $250,128.
With these adjustments, Google is pushing for more in-depth exploration of bugs, rewarding those who demonstrate the potential dangers a vulnerability may pose. The new structure is designed to motivate researchers to not only find bugs but also thoroughly analyze their risks and impact. For cybersecurity professionals, Google’s revamped VRP presents a lucrative opportunity to contribute to Chrome’s ongoing security and earn substantial rewards for their efforts. More details can be found in Google’s official announcement.
For more updates, be with Markedium.
