GoKawiilJoe Maring / Android Authority
TL;DR Google is now offering up to $1.5 million for advanced zero-click Pixel hacks targeting the Titan M2 security chip.
Meanwhile, Google is slashing payouts for basic Android and Chrome vulnerabilities and cutting several bonus categories.
Researchers can still earn up to $250,000 for full-chain Chrome exploits, and the MiraclePtr bonus remains untouched.
Google is cutting rewards for simple Android and Chrome exploits, but is offering a huge $1.5 million bounty to anyone who can achieve a zero-click, permanent hack of a Pixel’s Titan M2 chip.
In a new update to its Android and Chrome Vulnerability Reward Programs (VRPs), Google announced that it’s reworking payouts to focus less on lower-impact reports and more on complex bugs that could seriously affect users. The changes are already live.
The main news is about Android. Google now offers up to $1.5 million (was $1 million previously) for certain advanced Android exploits that persist, including zero-click attacks on Pixel devices with Titan M security chips. A non-persistent version pays $750,000.
Don’t want to miss the best from Android Authority? Set us as a favorite source in Google Discover to never miss our latest exclusive reports, expert analysis, and much more.
to never miss our latest exclusive reports, expert analysis, and much more. You can also set us as a preferred source in Google Search by clicking the button below.
Meanwhile, Chrome is moving in the opposite direction. Google says it is lowering some Chrome reward payouts and cutting bonus categories because AI-generated vulnerability reports are becoming more common. The company still encourages security researchers to submit reports, but now prioritizes concise, reproducible findings with clear proof of impact over the number of submissions.
... continue reading