Google Brings Bug Bounty To Web Apps

  /     /     /  
Publicated : 22/11/2024   Category : security


Google Brings Bug Bounty To Web Apps


Chromiums vulnerability rewards program has been extended to Googles Web properties.



Google is promising to pay people who find vulnerabilities in its Web applications.
Having seen improvements in the security of its Chromium Web browser following the launch of a bug bounty program in January, Google has decided to offer rewards to individuals who report security flaws in its Web applications.
[W]e hope our new program will attract new researchers and the types of reports that help make our users safer, members of Googles security team said in a group
blog post
.
The expanded rewards program may include any Google Web property that involves the handling of sensitive user data. Possible examples include Google.com, YouTube.com, Blogger.com, and Orkut.com.
Google isnt specifying exactly which sorts of vulnerabilities qualify for a reward. Rather it is providing general guidance. Each submission will be reviewed before Google decides whether the discovery merits a reward.
Types of vulnerabilities that Google considers reward-worthy include: XSS, XSRF/CSRF, XSSI, bypassing authorization controls, and server-side code execution or command injection.
Google says it wont pay for vulnerabilities involving attacks on Googles corporate infrastructure, social engineering and physical attacks, denial of service bugs, client vulnerabilities, SEO blackhat techniques, vulnerabilities in Google-branded Web sites hosted by third parties, or bugs in technologies that Google has recently acquired.
Googles desktop and mobile applications, such as Android, Picasa, and Google Desktop, are outside of the scope of its expanded rewards program.
The base reward is $500 and rewards may be increased at the awards panels discretion, up to $3,133.7 for particularly clever discoveries. Google says it will provide individuals with the option to direct their reward to charity if theyre not interested in receiving money.
The company says that its unable to offer rewards to individuals in countries under U.S. sanctions or to minors.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Google Brings Bug Bounty To Web Apps