clock menu more-arrow no yes

Filed under:

Google boosts bonuses for finding Chrome bugs by $1,000 or more as participation declines

New, 38 comments

The Chromium Project is adding bonuses of $1,000 or more on top of some of its current payments for finding bugs on the Chromium web browser.

Chromium logo
Chromium logo

Google thinks its Chrome bugs are becoming harder to find, and it's planning to make it worth developers' while to look closer. According to a blog post from Tuesday, the Chromium Vulnerability Rewards Program is adding bonuses of $1,000 or more on top of the bounties that already exist for reporting "particularly exploitable" bugs, ones that affect both Chrome or Chromium and a wider range of applications, or ones in areas of code that have been declared "stable." Base rewards tend to be $500 or $1,000, but "extraordinary" contributions have sometimes netted $10,000 or more. The program also retroactively applied the bonuses to two recent reports.

The team says it's adding these bonuses because it's seen a "significant drop-off" in the number of issues reported by outside sources, something it attributes to a generally more secure and stable browser. The Chromium Project offers an open-source build of Google Chrome; the official Chrome browser also draws from it, and the bug rewards are paid by Google, which gave out a total of $11,500 when Chrome 20 was released.