Google’s Vulnerability Reward Program Offers Big Bucks If You Can Compromise a Chromebook




Google has a team of vulnerability researchers working around the clock to find flaws in Chrome, the Google Play Store, Android, and more, and that hasn’t changed despite the pandemic. Google recently took the time to detail how much money it paid researchers in 2020 through its Vulnerability Reward Program (VRP). Those who discovered security holes in its ecosystem were awarded a lot of money: $6.7 million, to be exact.

This annual total is up $200,000 from 2019, and last year was already double what they normally paid (see 2018) for those who find flaws in Google’s software. These findings help keep users and the internet safe, and the company seems happy to shell out tons of money to fix issues it doesn’t immediately see.

Android VRP paid $1.74M, Google Play VRP paid $270,000 to Android researchers around the world, and Chrome VRP paid $2.1M for 300 bugs in 2020 alone. Chrome is the most interesting, in my opinion, because this year has been a record: 83% more money was paid than last year!

In 2019, 14% of Google payments were for V8 bugs, meaning issues and exploits directly related to the JavaScript engine of the Chrome browser. Interestingly, this was reduced to just 6% in 2020, a drop of over 50%! However, the zero-day exploit we recently discussed was directly related to this: a heap overflow corruption issue in the V8 engine. We don’t know if a VRP researcher was directly responsible for bringing this to Google’s attention, but luckily it was fixed right away!

If you would like to review the Chrome Vulnerability Rewards program rules, you can visit Google’s Application Security page to learn more. There you will find more information on the scope of the program, eligible vulnerabilities, how you can report bugs, and even a table showing how much you can get paid!

There is currently a $150,000 reward for participants who can compromise a Chromebook or Chromebox with device persistence in Guest mode (i.e. guest-to-guest persistence with an interim reboot, delivered via a web page). There are also rewards for those who can bypass the lock screen or biometric security, and more. V8-related exploits may be eligible for an increased reward, no doubt thanks to the zero-day vulnerability mentioned above!

The page you’ll find using the blue button below also has a host of frequently asked questions related to bug hunting, including when you’ll get paid, and more. The lowest payout is $500, but it’s still a nice amount of spending money for anyone who’s smart enough about cybersecurity or programming. If you choose to participate, I recommend you take a look and see if you have what it takes to protect the millions of Chrome and Chrome OS users who surf the web daily!

Visit the Chrome OS VRP Requirements page
