Google Vulnerability Reward Programs Paid $8.7 Million In 2021

To enhance product and platform security, Google runs Vulnerability Reward Programs (VRPs) for Android, Play, Chrome, and Web Services. The company has seen payments to researchers increase by $2 million in 2021 to $8.7 million.

Thanks to these amazing researchers, Google’s vulnerability reward programs have continued to grow, and we’re thrilled to announce that in 2021, we’ve awarded a record $8,700,000 in vulnerability rewards, with researchers having donates over $300,000 of their rewards to a charity of their choice.

The Chrome VRP topped the list again with $3,288,000, including $3.1 million for browser-related bugs and $250,500 for Chrome OS. The highest award amount was $45,000 for Chrome OS, with 115 researchers awarded in total.

Android was next at $2,935,244, a sharp jump from $1.74 million last year. The highest Android VRP payout in history went to a “chain of exploits discovered in Android receiving a reward of $157,000”.

Google notes that no one has yet claimed the $1.5 million Titan M Pixel security chip award, as the company launched the Android Chipset Security Reward Program (ACSRP) in 2021:

…a vulnerability reward program offered by Google in conjunction with the makers of some popular Android chipsets. This private, invitation-only program rewards and recognizes the contributions of security researchers who invest their time and effort to help make Android devices more secure. In 2021, ACSRP paid out $296,000 for more than 220 valid and unique safety reports.

google vulnerability reward program 2021 android

Other highlights from last year:

  • Play Security rewards program paid out $550,000 in rewards
  • Google bug hunters platform unites Android, Chrome and other vulnerability rewards programs

FTC: We use revenue-generating automatic affiliate links. Continued.

Check out 9to5Google on YouTube for more info:

Leave a Comment