Google Paid Out Over $700K For Security Flaw Detections - Security - News & Reviews - eWeek.com | eWeek

Google Paid Out Over $700K For Security Flaw Detections

Verfasst von
Clint Boulton
Clint Boulton
Feb 10, 2012
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Google (NASDAQ:GOOG) has paid more than $700,000 to researchers who have detected hundreds of bugs in its Chrome browser and is expanding its security rewards program, the company announced Feb. 9.

Since launching its Chromium Security Rewards Program in January 2010, Google has paid out more than $300,000 of rewards for the detection of hundreds of bugs that posed moderate to critical levels of security threats.

While the flaw finds have ranged from Windows kernel to Chromium Webkit code, Google thinks the program can do better.

The company is expanding its program to cover high-severity Chromium OS security bugs.

These include renderer sandbox escapes via Linux kernel bugs, memory corruptions or cross-origin issues inside the Pepper Flash plug-in, violations of the verified boot path, and Web or network vulnerabilities in system libraries, daemons or drivers.

Google is paying a base reward of $2,000 for well-reported, significant cross-origin bugs, such as a Universal XSS flaw.

Google reserves the right to issue bonuses from $500 to $1,000 on top of base rewards if a bug reporter fixes a bug they find. Security researchers seeking bonuses might work with the Chromium community to produce a peer-reviewed patch.

Finally, Google wants Chromium OS security reported in the Chromium OS bug tracker, but bugs affecting the desktop Chromium browser should be reported in the Chromium bug tracker.

Google in 2010 followed its security rewards program with another vulnerability reward program that spurs researchers to detect bugs in Google’s Web applications, such as YouTube and Gmail.

Since this program was launched in November 2010, Google has shelled out more than $410,000 for researchers finding Web application vulnerabilities. Google also donated $19,000 to charities of their choice.

Since that time, there have been 1,100 bugs hunted€”ranging from low to high severity and 730 of which warranted a financial reward.

In a sign that companies that acquire other companies can get more than they paid for, Google noted that half the bugs that received a reward were detected in software written by approximately 50 companies that Google acquired. The rest were detected in apps written by Google software engineers.

Chrome has had a busy week. Google just launched Chrome 17 into the stable channel, which included the detection of 20 flaws, for which Google paid $10,500.

Google also introduced Chrome for Android beta, a mobile version of the mobile app, and revealed its Chrome Screentest to gain more data on Chrome usage.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.