Google has now announced it will now pay more for Chrome bugs discovered, under its bug bounty program.
Google are bumping up the top published payment under the bounty to US$15,000 (while noting that for particularly spectacular bugs it’s been known to pay out as much as US$30,000 under the old rules). The starting price for a verified bug is US$500.
Here is the new pay scale Google are offering for chrome bugs:
The highest payments are reserved for bugs that come with an exploit proof-of-concept that demonstrates “a specific attack path against our users”. However, bug report and exploit don’t have to arrive simultaneously; Google offers the option for researchers to submit the bugs now, and follow up with the exploit later. That also means security Oompa-Loompas can get to work coding a fix, while the researcher doesn’t lose the chance at the bounty when an exploit is ready.