Google Chrome increases bug bounty reward to US$100,000

Google Chrome has increased its maximum bug bounty to US$100,000 amid fears that software is becoming more susceptible to hacking.

Google set up the bug bounty programme as a deterrent for illegal hackers, offering a reward for finding bugs within their system.

The programme encourages hackers to infiltrate the software to try to find any bugs or loopholes, then report them back to Google and in turn receive a reward. Bug bounties are a popular method to check illegal hacking activity, and their use is becoming more widespread.

Google has paid out over US$6 million so far

Since the launch of Google Chrome’s bug bounty back in January 2010, over US$6 million has been paid out to security researchers for their contributions to make Chrome safer. Google Chrome extends its programme to any would-be hacker, with rewards for even the smallest of bugs.
“Any security bug in Chrome or Chrome OS may be considered,” the firm confirmed in a blog post.

However, security researchers can be rewarded with larger sums of money for investigating areas of the software with a higher threat risk. Google are mainly interested in bugs that affect their Stable, Beta and Dev channels. Furthermore, Google are interested to hear about any bugs in third-party components that Google use or ship (e.g. PDFium, Adobe Flash).

Rewards for bug bounty programmes escalate

In 2015, Google introduced their top reward of US$50,000. However, after receiving not a single successful submission, Google raised the reward to US$100,000 in March 2016 in an attempt to attract more hackers.

In today’s information age, software security concerns are very real, with companies being cheated out of billions of dollars in economic productivity every year due to bugs and hackers. Information regarding bugs can sell for vast amounts of money due to the damage to business infrastructure they can cause.

As an example, last year the Google Chrome security team were alerted to a bug within their SOP (Same-Origin Policy) by an anonymous security researcher. The anonymous researcher netted US$25,633.70 for the discovery. Google commented that the “bug would have been worth about the same on the black market”.

Pilot cyber security project

With the success of bug bounty programmes, more and more large corporations and even government bodies are inviting hackers all over the world to have a go at cracking their systems.

Earlier in March 2016, for the first time ever, the US government set up a pilot bug bounty project, dubbed ‘Hack the Pentagon.’

As more firms work to combat the risks of cyber breaches, it seems likely that bug bounty programmes will remain on the agenda, and in IT budgets.


Written by Jason Colmer.