Google Delivers Record-Breaking $12M in Bug Bounties

Googles Android and Chrome Vulnerability Reward Programs (VRPs) in particular saw hundreds of valid reports and payouts for security vulnerabilities discovered by ethical hackers.

Google addressed more than 2,900 security vulnerabilities in its products and platforms last year, awarding more than $12 million in bug bounty rewards to researchers in a record-breaking cash storm.
The total well outpaces
last years total of $8.5 million in rewards
paid.
According to the tech behemoths annual Vulnerability Reward Program (VRP) report, several VRP segments saw record highs in 2022, including the Android ecosystem, which doled out a cool $4.8 million to bug hunters. That total included the highest paid bounty in Google VRP history ($605,000), for a critical-rated exploit chain submitted by a white-hat known as gzobqq.
Meanwhile, the invite-only Android Chipset Security Reward Program (ACSRP) — which is run in tandem with manufacturers of Android chipsets — awarded $486,000 in collective bounties in 2022, across 700 valid security reports.
Over at the Chrome VRP, $4 million was paid across approximately 470 valid security bug reports. Of that, $3.5 million was rewarded to researchers for 363 reports of security bugs in Chrome Browser, and nearly $500,000 was rewarded for 110 reports of security bugs in ChromeOS.
And finally, the companys relatively new open source software (OSS) VRP — launched last August to cover supply chain issues in Google packages — released more than $110,000 in rewards to its roughly 100 participating bug hunters.
Sarah Jacobus, technical program manager at the Vulnerability Rewards Team, noted in a
blog post today
that more opportunities are coming for Googles bug hunters, including an expansion of the Android and Google Devices VRPs to include the latest versions of Google Nest and Fitbit as in scope.
Also, 2023 will be the year of experimentation in the Chrome VRP, she wrote. Please keep a lookout for announcements of experiments and potential bonus opportunities for Chrome Browser and ChromeOS security bugs.
She also noted that the relatively new Google Play Security Reward Program (GPSRP) will look to expand its stable of bug hunters throughout this year and plans to sponsor various bounty events focused on Android and Google Play apps in order to attract new talent.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Google Delivers Record-Breaking $12M in Bug Bounties