Bug Bounties, Vulnerability Management

Google beefs up Chrome bug bounty program

Share
Chrome Browser receives emergency patch

Higher rewards of up to $250,000 will be given by Google for the discovery of memory corruption flaws in the Chrome browser shown to achieve remote code execution using a non-sandboxed process as part of a more robust vulnerability reward program, according to SecurityWeek.

Additional bounties could also be provided for proof-of-concept code enabling RCE without renderer compromise, according to Google, which will also offer up to $90,000 and up to $35,000 for reports detailing security flaws that could enable controlled write in a non-sandboxed process and memory corruption, respectively. Google has also upgraded rewards for reports demonstrating RCE in a highly-privileged process and those showing RCE in a sandboxed process to up to $85,000 and up to $55,000, respectively, although memory corruption baseline rewards have been maintained to encourage further research into discovered flaws. Also included in the strengthened VRP for Chrome is a $250,128 reward for MiraclePtr-bypassing flaws, up from the previous bounty of $100,115.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.