Android and Chrome bug bounty: Google reveals how much it paid out in 2018
Last year Google paid out $1.7m to security researchers who discovered bugs in Android and Chrome, and the same sum again to coders who found flaws in its other products.
In 2010, Google launched its Vulnerability Reward Program (VRP) to get help from the security research community in identifying and reporting bugs in its apps and software. The aim is to encourage researchers to report issues that can then be fixed before they are exploited. Financial rewards for those reporting bugs, ranging from $100 to $200,000, are based on the risk level of the identified flaw.
Google said it paid out a total of $3.4m in total rewards in 2018, $1.7m of which was for discovering vulnerabilities in Android and Chrome. Google said the programme has now paid out more than $15m in rewards since it was established in 2010.
The company gave a few example of the researchers who had brought their discoveries to it this year.
For example, Ezequiel Pereira, a 19-year-old researcher from Uruguay, uncovered a Remote Code Execution bug that allowed him to gain remote access to the Google Cloud Platform console.
Tomasz Bojarski from Poland discovered a bug related to Cross-Site Scripting (XSS) that could allow an attacker to change the behaviour or appearance of a website, steal private data, or perform actions on behalf of someone else. Google said Tomasz was last year’s top bug hunter and used his reward money to open a lodge and restaurant.
The company also gave the example of Dzmitry Lukyanenka, a researcher from Minsk, Belarus, who lost his job and began bug-hunting full-time and went on to become part of Google’s VRP grants program, which provides financial support for prolific bug-hunters over time.
PREVIOUS AND RELATED COVERAGE
The 0patch fix temporarily patches a data-stealing exploit in Adobe Reader.
Hacked Dunkin’ Donuts accounts are now being sold on Dark Web forums.
Microsoft extends AccountGuard to Canada while Google expands Project Shield to EU Parliament political campaigns.
Vulnerability found in social sharing plugin named “Simple Social Buttons,” installed on more than 40,000 WordPress sites.
Google’s Confidential Computing Challenge aims to make it easier to achieve end-to-end encryption of data in the cloud.
The Password Checkup lets you know if the username and password you’re using have been nabbed by hackers in the past.