Google paid $12 million in bug bounties last year to security researchers

Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company's Vulnerability Reward Program (VRP) in 2024. Among last year's highlights, the company revamped the VRP's reward structure, bumping rewards up to a maximum of $151,515, while its Mobile VRP now offers up to $300,000 for critical vulnerabilities in top-tier apps (with a maximum reward reaching $450,000 for exceptional quality reports). The Cloud VRP increased the top-tier reward amounts by up to five times in July, while Chrome security bug rewards now exceed $250,000. Last year, Google more than doubled rewards for MiraclePtr bypasses to $250,128 from $100,115 when the MiraclePtr Bypass Reward was launched. It also launched kvmCTF, a new VRP unveiled in October 2023, aiming to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor, that offers $250,000 bounties for full VM escape exploits. The company says it awarded $65 million in bug ... Read full article.