Google doubled its bug bounty for finding and disclosing Chromebook or Chromebox vulnerabilities to $100,000, up from the previous reward of $50,000.
The two challenges for researchers who want to claim the prize involve either compromising a Chromebook in guest mode, or bypassing the Download Protection feature from Chrome’s Safe Browsing option. The six-figure sum is said to be available all year round.
“Since 2010, we’ve happily rewarded researchers who find and report security issues to us through Google’s Security Reward Program,” reads Google’s Security Blog. “Last year, Google paid researchers more than $2,000,000 for their work to make Google users safer.”
The company has an impressive track record for funding bug bounty programs, particularly for its Chrome browser. Android security researchers have also been generously rewarded in the past for digging up vulnerabilities in the mobile OS, with estimated bounty payments totaling around $200,000, including $37,500 to a single researcher.
“Once again, researchers from around the world—Great Britain, Poland, Germany, Romania, Israel, Brazil, United States, China, Russia, India to name a few countries—participated in our program,” said Google in its 2015 bounty program review. “Android was a newcomer to the Security Reward program initiative in 2015 and it made a significant and immediate impact as soon as it joined the program.”
By reaching out to the security researcher community, Google has managed to boost the security of its products while encouraging responsible vulnerability disclosure.