To enhance product and platform security, Google runs Vulnerability Reward Programs (VRPs) for Android, Play, Chrome, and Web Services. The company has seen payments to researchers increase by $2 million in 2021 to $8.7 million.
Thanks to these amazing researchers, Google’s vulnerability reward programs have continued to grow, and we’re thrilled to announce that in 2021, we’ve awarded a record $8,700,000 in vulnerability rewards, with researchers having donates over $300,000 of their rewards to a charity of their choice.
The Chrome VRP topped the list again with $3,288,000, including $3.1 million for browser-related bugs and $250,500 for Chrome OS. The highest award amount was $45,000 for Chrome OS, with 115 researchers awarded in total.
Android was next at $2,935,244, a sharp jump from $1.74 million last year. The highest Android VRP payout in history went to a “chain of exploits discovered in Android receiving a reward of $157,000”.
Google notes that no one has yet claimed the $1.5 million Titan M Pixel security chip award, as the company launched the Android Chipset Security Reward Program (ACSRP) in 2021:
…a vulnerability reward program offered by Google in conjunction with the makers of some popular Android chipsets. This private, invitation-only program rewards and recognizes the contributions of security researchers who invest their time and effort to help make Android devices more secure. In 2021, ACSRP paid out $296,000 for more than 220 valid and unique safety reports.
Other highlights from last year:
- Play Security rewards program paid out $550,000 in rewards
- Google bug hunters platform unites Android, Chrome and other vulnerability rewards programs
FTC: We use revenue-generating automatic affiliate links. Continued.
Check out 9to5Google on YouTube for more info: