If You Report A Chrome Bug, Google May Give You Rs 20 Lakh

Dhir Acharya - Jul 19, 2019

For the last nine years, Google has paid money to some people reporting chrome browser’s security holes, and the search giant has just increased the reward.

For the last nine years, Google has paid money to some people reporting Chrome browser’s security holes, and the search giant has just raised the reward. As detailed in a blog post from Chrome Security, the company has tripled the reward’s maximum baseline from Rs 343,880 to Rs 1,031,640 and doubled the highest reward applied for high-quality reports from Rs 1,031,640 to Rs 2,062,369 if the reporting person gives example software which exploits the hole.

The-search-giant-has-just-increased-rewards-for-bug-reports-1 — The search giant has just increased rewards for bug reports

In addition, for those who reveal attacks on Chrome OS, Google has also raised its standing reward for Chrome OS to Rs 1.3 crore or you can exchange for a Chromebox or Chromebook with the more restricted guest mode. The company said on Thursday that it also give rewards to those who find security bugs in the firmware that allow attackers to bypass the lock screen of Chrome OS.

Most importantly, the search giant is raising the reward amount for fuzz testing where it feeds a product with random data to detect problem inputs, an approach to bug hunting. The blog post said that the search giant has also doubled the bonus for those who find bugs under the Chrome Fuzzer Program to Rs 68,798 ($1,000).

Rewards for bug hunting has got more popular as tech firms work to prevent their products from being used to crash a machine, hack users’ personal data or break into corporate networks and hold computers hostage for ransom. However, bug hunters payouts from not only tech firms but also criminals and governments who want to use exploits for activities such as identity theft and espionage.

Rewards-for-bug-hunting-has-got-more-popular-in-recent-years-2 — Rewards for bug hunting has got more popular in recent years

Google said that since the creation of the Chrome Vulnerability Rewards Program nine years ago, over 8,500 bugs have been reported and the company has paid out more than Rs 34.3 crore. Though that’s a huge amount of money, hiring a good programmer in Silicon Valley can cost Google hundreds of thousands of dollars per year.

There are also specific rules to determine a “high-quality report” on Google’s page.

Google Play also offers bigger rewards now. It has raised rewards from Rs 343, 840 to Rs 1,375,361 for remote code execution bugs, from Rs 68,798 to Rs 206,393 for access to protected app components as well as private data theft. According to the search giant, you will get a bonus if you inform developers of participating apps about the vulnerabilities.