Commentary

Google Triples Bounty On Chrome Bugs

Google has increased the maximum reward for hackers seeking to find and decode bugs in the company's Chrome browser to as much as $15,000 per bug. But the limit seems adjustable. Last month, the company awarded $30,000 for what it calls a "very impressive report."

Developers and white-hat hackers who submit proven vulnerabilities in Chrome can expect higher rewards, Tim Willis, Hacker Philanthropist, Chrome Security Team at Google, wrote in a blog post Tuesday. Years of collaboration with the research community uncovered and squashed more than 700 Chrome security bugs, and more than $1.25 million has been awarded through the bug reward program.

Google wants to recognize the extra effort it takes to uncover vulnerabilities. "In recognition of the extra effort it takes to uncover vulnerabilities in Chrome, we’re increasing our reward levels. We’re also making some changes to be more transparent with researchers reporting a bug," Willis wrote.

Google will increase its standard reward pricing range to between $500 and $15,000 per bug, up from a previous published maximum of $5,000. Each bug type has a clear breakdown for each likely award. Google reserves the right to reward above these levels for particularly great reports.

The company, which backdated the new pay scale to July 1, 2014, will pay even more when developers can provide an exploit to demonstrate a specific attack path against its users. Researchers now have the option to submit the vulnerability first and follow up with an exploit later. Willis said Google gets to patch bugs earlier and contributors get to lay claim to the bugs sooner, lowering the chances of submitting a duplicate report and of more people being infected.
