Google almost doubles Linux Kernel, Kubernetes zero-day rewards (Security News, February 2022)

Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine, or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques.
"We increased our rewards because we recognized that in order to attract the attention of the community we needed to match our rewards to their expectations," Google Vulnerability Matchmaker Eduardo Vela explained.
While it initially announced in November that reports of critical vulnerabilities would get rewards of up to $50,337 depending on their severity, Google has now increased the maximum reward to $91,337.
As Google revealed in July 2021, since launching its first VRP over ten years ago, it has rewarded more than 2,000 security researchers from 84 different countries for reporting roughly 11,000 bugs.
All in all, Google said that researchers had earned over $29 million since January 2010, when the Chromium vulnerability reward program was launched.
In the Vulnerability Reward Program: 2021 Year in Review report published last week, the company said that it awarded a record-breaking $8,700,000 in rewards in 2021, including the highest payout in Android VRP history: a $157,000 exploit chain.