Google Raises Bounty For Chromium Bugs

Published: 22/11/2024   Category: security




Chromium bug bounty program adds $1,000 bonus structure



Good news for security researchers: Google this week upped the ante for those who report bugs in its Chromium software to the company.
Chris Evans, a software engineer with Google, says the bigger rewards have to do with the increasing difficulty in finding flaws in the code. "Recently, we've seen a significant drop-off in externally reported Chromium security issues. This signals to us that bugs are becoming harder to find, as the efforts of the wider community have made Chromium significantly stronger," Evans said in a blog post announcing the pay raise for the Chromium Vulnerability Rewards Program.
Google has awarded more than $1 million in rewards to researchers thus far, and the company plans to retroactively apply its new bonus structure -- an extra $1,000 per find -- to researchers who found key bugs in the software, including a PDF bug and a heap-based buffer overflow bug.
The search engine giant is now adding a $1,000 bonus on top of the base award for what it calls "particularly exploitable" issues; a $1,000 bonus for bugs in the stable parts of its code; and a $1,000 bonus for serious bugs which impact a significantly wider range of products than just Chromium, Evans said.
Google also has paid upward of $10,000 for major finds: "An extraordinary contribution could be a sustained level of bug finding, or even one individual impressive report," he said, including Nvidia/ATI/Intel GPU driver flaws or local privilege escalation exploits in Chrome OS via the Linux kernel.
Meanwhile, Google's bug bounty program includes vulnerabilities in Adobe Flash, the Linux kernel, and open source libraries, for example, he said.
More details on the program and the new bonus structure are here in Evans' post.
