1. High-Stakes Chrome Vulnerability Bounties: Reward of $250K for Critical Security Flaws | Insider’s Guide

Yasin Baturhan Ergin/Anadolu via Getty Images

Update (August 29, 2024): Google contacted us to clarify the amount of money people can earn in this program. According to the company, the payout is determined by the quality of the initial report, what software component was missing, and what Google can learn from the scenario. If the company cannot determine how an exploit works but is able to mitigate a potential vulnerability, the researcher who discovered the flaw will earn a reward. However, it won’t be the full amount.

It’s unfortunate that as technology improves, so do the threats. Bad actors are constantly searching for new ways to exploit unintended or overlooked flaws. Google, recognizing this issue, has updated the reward structure for its Chrome Vulnerability Reward Program (VRP) in an effort to incentivize “deeper security research.”

The money bug hunters can earn moving forward is much higher than before. Now the most you can win on a single issue is $250,000. To earn this bounty, you must perform two important tasks. First, you’ll need to locate a memory corruption bug inside a non-sandboxed process.

Also: 5 ways to improve your Chrome browser’s security

Memory corruption is when a software’s memory is altered in some way, causing abnormal behaviors. A non-sandboxed process refers to an exploit that can affect all aspects of an app. In this case, the app is Chrome browser. The second criterion is you must provide a “high-quality report” demonstrating remote code execution (RCE). Doing so could net you that quarter of a million dollars. Previously, the maximum amount was capped at $40,000.

From there, the cash prizes decrease as memory corruption bugs become less severe. Demonstrating remote execution in a controlled environment may win you up to $90,000. A report showing active memory corruption could earn you $35,000 max.

Newsletters

ZDNET Tech Today

ZDNET’s Tech Today newsletter is a daily briefing of the newest, most talked about stories, five days a week.

Subscribe

See all

Keep in mind that none of these prizes are guaranteed. Google still needs to review your work.

There are other scenarios where the tech giant is offering an increased reward. For example, if you locate a memory corruption bug inside “a highly-privileged process,” you could receive up to $85,000. Finding the same exploit in a sandboxed process has a maximum $55,000 reward.

Also: Stop paying for antivirus software. Here’s why you don’t need it

Google is putting a lot of emphasis on locating memory corruption vulnerabilities, but it is also updating the prize structure for other security flaws. What you can get depends on whether something is considered high or low impact. For example, finding a site isolation bypass flaw may net you up to $30,000. Sniffing out a security UI spoofing exploit gives $10,000.

Additionally, the MiraclePtr Bypass Reward has increased exponentially – more than doubled, in fact, from $100,115 to $250,128. You can also win bonus cash prizes. “Identifying the specific commit that introduced the bug” gives a cool $1,000.

If you’re looking for ways to protect yourself online, check out ZDNET’s list of the best identity theft protection and credit monitoring services list .

See also

How to find out if an AirTag is tracking you

Five easy steps to keep your smartphone safe from hackers

How to protect and secure your password manager

How to check if your VPN is working (and what to do if your VPN won’t connect)

• How to find out if an AirTag is tracking you
• Five easy steps to keep your smartphone safe from hackers
• How to protect and secure your password manager
• How to check if your VPN is working (and what to do if your VPN won’t connect)

Also read:

Click here