Google Announced 5x Raise In Its Bug Bounty Program Rewards

A lucrative opportunity to win hefty bounties has arrived for security researchers. Google has increased the bug bounty payouts for its Vulnerability Reward Program fivefold, rewarding up to $151,000.

Google Increased Bug Bounty Rewards To Lure Researchers

According to the recent updates Google shared for bug hunters, the tech giant has announced a five-fold increase in its bug bounty program rewards.

Google's Vulnerability Reward Program (VRP) has long been an attractive money-making opportunity for security researchers to earn well-deserved bounties for their security findings. However, as Google stated, successive security upgrades in Google products have made finding bugs more challenging for the security community. Hence, the firm decided to remunerate researchers for the time and effort involved in this task.

As per the revised reward limits, researchers can earn a maximum reward of $101,010 for a high-severity remote code execution vulnerability report. Plus, for an exceptional vulnerability report, Google applies a 1.5x modifier to jazz up the rewards, thus making $151,515 the maximum reward amount.

This 1.5x modifier doesn’t only apply to the RCE reports. Instead, Google has introduced this reward-enhancing formula for all bug reports. That means in addition to a five-times increase, researchers may also earn even higher payouts for exceptional reports. Some examples that Google listed are shared below.

| Example Vulnerability | New Reward | Old Reward |
| --- | --- | --- |
| A logic flaw leading to an accounts.google.com @gmail.com account takeover | ($50,000 * 1.5) = $75,000 | $13,337 |
| XSS on idx.google.com | ($10,000 * 1.5) = $15,000 | $3,133.70 |
| A logic flaw disclosing PII on home.nest.com (a tier 1 acquisition domain) | ($2,500 * 1.5) = $3,750 | $500 |

While the 1.5x modifier applies to exceptional-quality reports only, Google also decided to apply 1x and 0.5x modifiers to good-quality and low-quality reports, respectively.

Google has also modified the application tiers for its bug bounty program, making it more transparent for researchers. Interested researchers may find the details here to apply accordingly.
