Security News > 2023 > February > Google paid $12 million in bug bounties to security researchers
Google last year paid its highest bug bounty ever through the Vulnerability Reward Program for a critical exploit chain report that the company valued at $605,000.
In total, Google spent over $12 million for more than 2,900 vulnerabilities in its products discovered and reported by security researchers.
Google also awarded $486,000 last year for 700 security reports through the invite-only Android Chipset Security Reward Program - a private reward program that Google offers in collaboration with Android chipset makers.
The company also paid a total of $4 million in 2022 for 363 vulnerabilities in Chrome Browser and 110 security issues in ChromeOS. Google announced that this year Chrome VRP will start experimenting and may offer bonus opportunities for security issues reported in the browser and ChromeOS. The rewards program for open-source products that Google launched in August 2022 awarded more than 100 bug hunters with over $110,000.
Apart from bounties paid to researchers, Google also awarded more than $250,000 in grants to more than 170 researchers.
In 2022, Google paid 703 researchers for the reports submitted through the Vulnerability Rewards Programs and was a sponsor for the NahamCon and BountyCon security-related conferences.
News URL
Related news
- Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats (source)
- Google Pays $10M in Bug Bounties in 2023 (source)
- Google Cloud/Cloud Security Alliance Report: IT and Security Pros Are ‘Cautiously Optimistic’ About AI (source)
- Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws (source)
- New Google Workspace feature prevents sensitive security changes if two admins don’t approve them (source)
- Google Chrome: Security and UI Tips You Need to Know (source)
- Chinese government website security is often worryingly bad, say Chinese researchers (source)
- Top 5 Global Cyber Security Trends of 2023, According to Google Report (source)