
Google beefs up Chrome bug bounty program

Google will pay higher rewards of up to $250,000 for the discovery of memory corruption flaws in the Chrome browser that are shown to achieve remote code execution using a non-sandboxed process, as part of a more robust vulnerability reward program, according to SecurityWeek.

Additional bounties could also be provided for proof-of-concept code enabling RCE without renderer compromise, according to Google. The company will also offer up to $90,000 and up to $35,000 for reports detailing security flaws that could enable controlled write in a non-sandboxed process and memory corruption, respectively. Google has also upgraded rewards for reports demonstrating RCE in a highly privileged process and those showing RCE in a sandboxed process to up to $85,000 and up to $55,000, respectively, although memory corruption baseline rewards have been maintained to encourage further research into discovered flaws. The strengthened VRP for Chrome also includes a $250,128 reward for MiraclePtr-bypassing flaws, up from the previous bounty of $100,115.
