03-11-2025, 06:05 PM
News Google paid nearly $12 million to bug hunters last year
<div id="remove_no_follow">
<div class="grid grid--cols-10@md grid--cols-8@lg article-column">
<div class="col-12 col-10@md col-6@lg col-start-3@lg">
<div class="article-column__content">
<p>Google <a href="http://security.googleblog.com/2025/03/vulnerability-reward-program-2024-in.html">announced</a> it has paid out $11.8 million to more than 600 security researchers who reported bugs in 2024.</p>
<p>Last year, Google <a href="https://bughunters.google.com/blog/5400513950908416/increasing-google-alphabet-vrp-rewards-up-to-151-515">increased the rewards in its Vulnerability Reward Program (VRP)</a> to a maximum of $151,515, while the Mobile VRP now offers up to $300,000 for critical vulnerabilities in the company’s largest apps. The Cloud VRP now has a maximum reward of $151,515, and <a href="https://www.csoonline.com/article/3498357/google-ups-bug-bounties-for-high-quality-chrome-hunters.html">security bugs in Chrome can earn up to $250,000</a>.</p>
<p>Google also doubled the reward for discovering methods to bypass MiraclePtr, to $250,128, and launched kvmCTF, which offers rewards of up to $250,000 for vulnerabilities in kernel-based virtual machine hypervisors. The largest reward paid in 2024 was $110,115 for a method to bypass MiraclePtr in Chrome.</p>
<p>The company also announced that its <a href="https://bughunters.google.com/about/rules/google-friends/5238081279623168/abuse-vulnerability-reward-program-rules">Abuse VRP</a> paid out 40% more year over year in 2024, for a total of over $290,000 in rewards across more than 250 valid bugs involving abuse and misuse of Google products.</p>
<p>Rewards for critical vulnerabilities reported in Android and Google mobile apps topped $3.3 million, with 2% more critical and high vulnerabilities reported year over year.</p>
<p>Cloud VRP, launched in October for reporting vulnerabilities in Google Cloud services, tallied $500,000 in rewards based on more than 200 unique security vulnerabilities.</p>
<p>Generative AI bug bounties, based on over 150 reports, resulted in $55,000 in rewards to date, with a live LLM hacking event resulting in $87,000 more in rewards.</p>
<p>Google says the company has now paid out $65 million since its bug hunting program began in 2010.</p>
</div></div></div></div>
https://www.csoonline.com/article/384314...-year.html