Google follows Mozilla into vulnerability detection with rewards offered for flaw identifications on Chrome

News by Dan Raywood

Google is to offer payments to developers who find vulnerabilities in its Chrome web browser.

It said that any bug filed through the Chromium bug tracker (under the template ‘security bug’) will qualify for consideration. The base reward offered is $500, and if the panel finds a particular bug to be particularly severe or clever, it will envisage rewards of $1337.

Google Chrome security spokesperson Chris Evans said that Google was introducing the ‘experimental new incentive for external researchers to participate’ and was hoping that the program will encourage new individuals to participate in Chromium security.

Evans said: “Any security bug may be considered. We will typically focus on high and critical impact bugs, but any clever vulnerability at any severity might get a reward. Obviously, your bug will not be eligible if you worked on the code or review in the area in question.”

He also said that open collaboration will be encouraged, and Google was interested in bugs in the stable, beta and dev channels, but bugs will be ineligible if they are part of the base operating system, as opposed to part of the Chromium source tree.

Clarifying that Google was unable to issue rewards to residents of countries where the US has imposed the highest levels of export restriction (e.g. Cuba, Iran, North Korea, Sudan and Syria) or to minors, Evans said: “This is not a competition, but rather an ongoing reward program.

“You are responsible for any tax implications depending on your country of residency and citizenship. There may be additional restrictions on your ability to enter depending upon local law.”

