Google’s Vulnerability Reward Program is offering a lot of money if you can compromise a Chromebook

February 6, 2021 By Michael Perrigo

Google has a team of vulnerability researchers who work around the clock to find holes in Chrome, the Google Play Store, Android, and more, and that hasn’t changed despite the pandemic. Google recently took time to detail how much money it has paid out to researchers in 2020 via its Vulnerability Rewards Program (VRP). Those who found security flaws in its ecosystem were paid a lot of money – $6.7 million to be exact.

This annual total is up by $200,000 over 2019, and last year was already double what they normally pay out (see 2018) to those who find flaws in Google’s software. These discoveries help keep users, and the internet at large, safe, and the company seems happy to pay out tons of money to fix problems that they themselves don’t see right away.

Android VRP paid out $1.74M, Google Play VRP paid out $270,000 to Android researchers around the world, and Chrome VRP paid out $2.1M across 300 bugs in 2020 alone. Chrome is the most interesting, in my opinion, because this year was record-breaking – 83% more money was paid out than last year!

In 2019, 14% of Google’s payouts were for V8 bugs – issues and exploits directly related to the Chrome browser’s JavaScript engine. Interestingly enough, this was cut down to just 6% in 2020 – that’s over a 50% reduction! However, the zero-day exploit that we recently reported on was directly related to this – a heap overflow corruption issue in the V8 engine. We’re not sure if a VRP researcher was directly responsible for bringing this to Google’s attention, but luckily, it was patched right away!

If you’re interested in seeing the Chrome Vulnerability Rewards Program Rules, you can head over to Google’s Application Security page to learn more. There, you will find more on the scope of the program, which vulnerabilities qualify, how you can report bugs, and even a table showing how much you can get paid!

There’s currently a standing $150,000 reward for participants that can compromise a Chromebook or Chromebox with device persistence in guest mode (i.e. guest to guest persistence with interim reboot delivered via a web page). There are also rewards for those who can bypass the lock screen or biometric security, and more. Exploits related to V8 may be eligible for an increased reward, no doubt thanks to the aforementioned zero-day vulnerability!

The page you’ll find using the blue button below also features a host of frequently asked questions related to bug hunting, including when you’ll be paid, and more. The lowest payout is $500, but that’s still a nice bit of pocket cash for anyone who is smart enough in cyber-security or programming. If you choose to participate, I recommend that you take a look and see if you have what it takes to protect millions of Chrome and Chrome OS users who browse the web daily!

Visit the Chrome OS VRP requirements page
