1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Google increases Chrome bug bounty rewards up to $250,000

    From TechnologyDaily@1337:1/100 to All on Fri Aug 30 14:30:05 2024
    Google increases Chrome bug bounty rewards up to $250,000

    Date:
    Fri, 30 Aug 2024 14:27:00 +0000

    Description:
    Google will pay the most detailed report of RCE in a non-sandboxed process up to $250k as a thank you.

    FULL STORY ======================================================================

    To mark Google Chrome s 16th anniversary, and its associated Vulnerability Reward Program (VRP)s 14th birthday, Google has announced a series of updates to the scheme designed to attract security and vulnerability researchers to share details of arising issues.

    In a blog post by Information Security Engineer Amy Ressler, the scheme is being described as undergoing an evolution to incentivize high-quality reporting and deeper research of Chrome vulnerabilities.

    As part of the updates, Google has made up to $250,000 available for demonstrated remote code execution in a non-sandboxed process. Google increases its Chrome VRP bounties

    Ressler shared: If the RCE in a non-sandboxed process can be achieved without a renderer compromise, it is eligible for an even higher reward, to include the renderer RCE reward.

    Beside memory corruption bugs, Google will also consider reports regarding other vulnerabilities, with rewards ranging from $1,000 to $30,000 based on a scale of lower, moderate and high impact.

    The company will also consider MiraclePtr a declarative security boundary, stripping MiraclePtr-protected bugs in non-renderer processes from their security bug status. Consequentially, from Chrome 128, a valid submission of
    a MiraclePtr bypass could return a reward of up to $250,128, more than double the $100,115 previously available.

    Google confirmed: Reports that don't demonstrate security impact or the potential for user harm, or are purely reports of theoretical or speculative issues are unlikely to be eligible for a VRP reward.

    Looking ahead, Chromes developers have committed to exploring more experimental reward opportunities and evolving its program to better serve
    the security community.

    Moreover, Google rolled out updates to its other schemes earlier this summer, with some RCE reports capable of bringing in more than $150,000 in rewards.
    At the time, information security engineers Sam Erb and Krzysztof Kotowicz explained that Googles systems have become more secure, thus developers
    should be eligible for higher rewards. More from TechRadar Pro Protect your device with the best endpoint security software Google is ending its Android app store bug bounty program These are the best privacy tools and anonymous browsers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/google-increases-chrome-bug-bounty-rewards-up-to -250-000


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)