In 2019, Google paid out over US $6.5 million in rewards to hackers/developers who detected vulnerabilities.
Google announced this on its blog.
- Chrome’s VRP increased its reward payouts by tripling the maximum baseline reward amount from $5,000 to $15,000 & doubling the maximum reward amount for high quality reports from $15,000 to $30,000. The additional bonus given to bugs found by fuzzers running under the Chrome Fuzzer Program is also doubling to $1,000. More details can be found in their program rules page.
- Android Security Rewards expanded its program with new exploit categories & higher rewards. The top prize is now $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices. Check out the program rules page for more details around our new exploit categories and rewards.
- Abuse VRP engaged in outreach & education to increase researchers awareness about the program, presenting an overview of our Abuse program in Australia, Malaysia, Vietnam, the UK & US.