Google now offering bigger bounties for finding exploits in Chrome's JavaScript engine

Google launched the Chrome Vulnerability Rewards Program (VRP) back in 2010, encouraging researchers to find exploits in Chrome and Chrome OS in return for monetary rewards. These bugs would then be fixed by the company to make its software more secure. Over the years, the program has grown substantially and now offers rewards of up to $150,000.

Now, Google has announced that it is expanding the rewards program even further and will offer almost double the bonus amount for high quality reports that demonstrate exploits in its V8 JavaScript engine.

Previously, Google would offer bonus rewards only for reports that demonstrate a fully functional exploit in V8. Now, the firm will also be rewarding researchers who spend time to present evidence about how a security bug may be exploited. The monetary values of these bounties are also being essentially doubled. You can view the updated values for V8 exploits below:

High-quality report with
functional exploit
High-quality report with evidence of exploit Baseline
Renderer RCE / memory corruption in a sandboxed process (in V8) Up to $20,000 (from $10,000) Up to $15,000 (from $7,500) N/A
Exploitation Mitigation Bypass (in V8) Up to $10,000 (from $5,000) Up to $6,000 (from $3,000) N/A

Google has noted that reporters who present evidence of exploitability also help the company in fixing bugs and planning future mitigations, so should be rewarded as such. It has also highlighted that even if a V8 security bug doesn't fit into the aforementioned categories, it may still be eligible for a higher reward.

You can visit the Chrome VRP webpage to learn more about the program and what kind of documentation and evidence you need to produce to qualify for bonus tiers of rewards.

Report a problem with article
WhatsApp logo against a black background
Next Article

WhatsApp users can now set different wallpapers for individual chats and themes

1591337796_21743298_1406722539365107_4308832733562613967_n
Previous Article

AWS announces two substantial updates to Amazon Braket

0 Comments - Add comment

Advertisement