Google Pays $6.5 Million to Hackers for Reporting Security Bugs

More than $6.5 million was paid to researchers for reporting security bugs through Google's Vulnerability Reward Program (VRP) in 2019, the company said in an announcement published today.

Reward amounts paid for qualifying bugs through Google's VRP range from $100 to $31,337, which can drastically increase for exploit chains.

This is exactly what happened in the case of Alpha Lab's Guang Gong, who received a $201,337 payout for a remote code execution exploit chain on Pixel 3 devices.

The amount Google paid in VRP rewards in 2019 almost doubled compared with the $3.4 million paid through Google VRP in 2018, or with the amount paid in any single year since the program was launched in 2010.

https://sive.host/images/lwati/Google%20VRP%20rewards.png

"Since 2010, we have expanded our VRPs to cover additional Google product areas, including Chrome, Android, and most recently Abuse," the announcement reads.

"We've also expanded to cover popular third-party apps on Google Play, helping identify and disclose vulnerabilities to impacted app developers."

In total, Google paid 461 security researchers during 2019, with Gong's reward of over $201,000 being the biggest single payout ever.

Over the last 9 years, the company rewarded researchers with roughly $15 million for qualifying vulnerabilities reported through the program.

Changes to Google VRP during 2019

In 2019, Google increased Chrome VRP payouts, "tripling the maximum baseline reward amount from $5,000 to $15,000 and doubling the maximum reward amount for high-quality reports from $15,000 to $30,000."

Google expanded the scope of the Play Security Reward Program to include any app with over 100 million installs, a change that resulted in more than $650,000 being paid for qualifying bugs in the second half of the year.

The Developer Data Protection Reward program launched in 2019 to allow researchers to help Google identify and mitigate data abuse issues in Android apps, Chrome extensions, and OAuth projects.

https://sive.host/images/lwati/VRP%20rewards%20for%20most%20common%20classes%20of%20bugs.png

"And if you achieve that exploit on specific developer preview versions of Android, we’re adding in a 50% bonus, making the top prize $1.5 million."
