Google Increases Rewards for Bug Catchers...Again

News
By published

Google sees a significant drop-off in reported security issues and hopes to increase efforts by introducing more bonuses.

Earlier this year Google increased its bug bounty drastically, offering an award of up to $20,000 in comparison to its previous top reward of $3,133.70.

Now, the company is giving even more incentives to crafty bug catchers out there.

On Tuesday, Chrome software engineer Chris Evans (not to be confused with Captain America) stated in the Chromium Blog, "Recently, we've seen a significant drop-off in externally reported Chromium security issues. This signals to us that bugs are becoming harder to find."

According to the engineer, Google will be awarding researchers additional bonuses starting from $1,000 and increasing based on the severity of the bugs. The bonuses will be added to the current base payments, which range anywhere from $500 to $3,133 for "particularly exploitable" bugs found in Chrome's code and for vulnerabilities that affect additional browsers.

The bug bounty program changes were immediately put into effect, but the company graciously gave $1,000 and $3,000 bonuses to recent bug reporters who were eligible under the new program. In addition to the bonuses for bug reporting, Google also hopes to increase activity in the Chromium community by offering additional bonuses of $500 to $1000 to any bug catcher who joins the community and provides a peer-reviewed patch.

Contact Us for News Tips, Corrections and Feedback

TOPICS
Tuan Mai
Tuan Mai
Tuan Mai is a Los Angeles based writer and marketing manager working within the PC Hardware industry. He has written for Tom's Guide since 2010, with a special interest in the weird and quirky.
More about security software

Florida experiences a huge 1,150% surge in VPN use as Pornhub blocks access in response to age-verification law

BadRAM attack breaches AMD secure VMs using a Raspberry Pi Pico, DDR socket, and a 9V battery

GPUs with 8GB of VRAM in 2025 are 'like bringing a butter knife to a gunfight' reckons Grok AI
See more latest
10 Comments Comment from the forums
  • freggo
    Actually a clever tactic as it is far less expensive to pay the bug catchers than setting aside employees for the task. Think about it, the employee costs money, no matter if he/she finds a bug or not.
    An outsider will think 'outside the box'; and get paid only if he/she finds something.
    Reply
  • AznCracker
    It's outsourcing to freelancers.
    Reply
  • A Bad Day
    I could imagine a Google employee purposely slipping in bugs and informing his/her partner about it. Imagine the extra salary.
    Reply
  • dalethepcman
    A Bad DayI could imagine a Google employee purposely slipping in bugs and informing his/her partner about it. Imagine the extra salary.Then you can imagine the google employee being terminated, having their benifits revoked for defrauding / embezzling, then going to "federal pound you in the ass" prison...

    This is crowd sourcing at its finest.

    Reply
  • house70
    A Bad DayI could imagine a Google employee purposely slipping in bugs and informing his/her partner about it. Imagine the extra salary.Dude, just reading your comments makes me ROFL. You are pretty good with catching every negative side and slapping it on the forums. I guess you picked your name pretty well. I usually thumb you up just for the negative spin.
    On this one, however, I have to give the point to dalethepcman. Just because this system is so much in the open nobody can expect to do that and get away with it. And we all know by now how sweet is to be a Google employee.....
    Reply
  • Chainzsaw
    Actually - putting a bounty on bugs is a pretty damn good idea. Kind of like the old west with outlaws.

    Why don't more companies do this? Of course I also see the flip side of how a relesed product shouldn't have major bugs (hah!).
    Reply
  • back_by_demand
    ChainzsawWhy don't more companies do this?Most companies don't release a product with a billion dollars worth of bugs in it
    Reply
  • cepheid
    More along the lines of "most companies don't care if they release a bugged product or not".
    Reply
  • A Bad Day
    back_by_demandMost companies don't release a product with a billion dollars worth of bugs in it
    Or, they're so cheap that they couldn't bother bug-checking in the first place.
    Reply
  • eddieroolz
    This tactic is something I can applaud from Google. There are legions of talented hackers, so why not use them for your benefit?
    Reply
Most Popular
Gigabyte RTX 5060/Ti lineup
GPUs with 8GB of VRAM in 2025 are 'like bringing a butter knife to a gunfight' reckons Grok AI
WD Black SN850X 8TB SSD
Amazon lists the unannounced WD Black SN8100 with 14.9 GB/s reads for $225 (1TB)
Neuralink BCI implant
Brain interface used to edit YouTube video — paralyzed Neuralink patient also uses AI to narrate with his own voice
Microsoft Surface Laptops
More compact Arm variants of Microsoft Surface Pro and Laptop lines leaked
Zotac RTX 5060 Series
Nvidia RTX 5060 Ti 8GB loses up to 10% performance when using PCIe 4.0
Cerabyte glass and ceramic storage media
Storage device boiled in salt water, then grilled in an oven as proof of durability — Cerabyte's glass storage media claimed to be ultra-rugged
Intel Xeon CPU
Dynatron coolers support up to 660W for Intel Diamond Rapids and AMD Venice CPUs
Minecraft
Minecraft runs on 8MB of VRAM using a 20-year-old GPU
Intel Arc Battlemage B580 and B570
Intel Arc Xe3 Celestial GPU enters pre-validation stage
Nvidia CEO Jensen Huang
Nvidia CEO Jensen Huang scores his first base salary increase since 2015