Google this week said it handed out a record $8.7 million in bug bounty payouts in 2021 as part of its Vulnerability Reward Programs (VRPs). A total of 696 researchers from 62 countries received bug bounties.
The highest reward paid last year was $157,000, for a security issue in Android. The Internet giant awarded roughly $3 million in bounty rewards to researchers reporting bugs in the Android platform, but says that the $1.5 million reward it offers for Pixel’s Titan-M security chip flaws remains unclaimed.
As part of the Android Chipset Security Reward Program (ACSRP), which Google runs in collaboration with makers of other popular Android chipsets, a total of $296,000 was paid out, for more than 220 valid and unique security reports.
The company also rewarded 333 reports for unique security errors in Chrome, for a total of $3.3 million in VRP rewards: $3.1 million for vulnerabilities in the Chrome browser and $250,500 for Chrome OS issues. A total of 115 researchers were rewarded for their efforts, Google says.
Furthermore, $550,000 in bug bounty payouts was handed to more than 60 security researchers for Google Play vulnerabilities.
[READ: Google Paid Over $29 Million in Bug Bounty Rewards in 10 Years]
Over the past three months, as part of its VRP for the open-source Kubernetes-based Capture-the-Flag (CTF) project called kCTF – which targets security holes in critical open-source dependencies of Google Kubernetes Engine (GKE) – the company paid $175,685 in bounty rewards.
Last year, Google also paid $313,337 in prizes to researchers participating in its 2020 edition of the Google Cloud Platform VRP Prize.
Also in 2021, the company awarded more than $200,000 in grants to roughly 120 security researchers worldwide, as part of its experimental Vulnerability Research Grant program, which is meant to help bug hunters take “a detailed and extensive look into the security of Google products and services.”
Also in 2021, Google announced the launch of its new Bug Hunters portal at bughunters.google.com, which brings together all of the company’s VRPs (Google, Android, Abuse, Chrome, and Google Play), to streamline bug submissions. It also includes dedicated content to help researchers improve their skills.
Related: Bug Hunters Confident They Will Continue to Outperform AI: Study
Related: Cloudflare Launches Public Bug Bounty Program
Related: U.S. Government Launches ‘Hack DHS’ Bug Bounty Program
More from Ionut Arghire
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
- CISA, NSA Issue Guidance for IAM Administrators
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks
- Chrome 111 Update Patches High-Severity Vulnerabilities
Latest News
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
- Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions
- TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content
