Google thinks its Chrome bugs are becoming harder to find, and it’s planning to make it worth developers’ while to look closer. According to a blog post from Tuesday, the Chromium Vulnerability Rewards Program is adding bonuses of $1,000 or more on top of the bounties that already exist for reporting “particularly exploitable” bugs, ones that affect both Chrome or Chromium and a wider range of applications, or ones in areas of code that have been declared “stable.” Base rewards tend to be $500 or $1,000, but “extraordinary” contributions have sometimes netted $10,000 or more. The program also retroactively applied the bonuses to two recent reports.
Google boosts bonuses for finding Chrome bugs by $1,000 or more as participation declines
The Chromium Project is adding bonuses of $1,000 or more on top of some of its current payments for finding bugs on the Chromium web browser.
The Chromium Project is adding bonuses of $1,000 or more on top of some of its current payments for finding bugs on the Chromium web browser.
is a senior tech and policy editor focused on online platforms and free expression. Adi has covered virtual and augmented reality, the history of computing, and more for The Verge since 2011.
The team says it’s adding these bonuses because it’s seen a “significant drop-off” in the number of issues reported by outside sources, something it attributes to a generally more secure and stable browser. The Chromium Project offers an open-source build of Google Chrome; the official Chrome browser also draws from it, and the bug rewards are paid by Google, which gave out a total of $11,500 when Chrome 20 was released.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
