Google thinks its Chrome bugs are becoming harder to find, and it's planning to make it worth developers' while to look closer. According to a blog post from Tuesday, the Chromium Vulnerability Rewards Program is adding bonuses of $1,000 or more on top of the bounties that already exist for reporting "particularly exploitable" bugs, ones that affect both Chrome or Chromium and a wider range of applications, or ones in areas of code that have been declared "stable." Base rewards tend to be $500 or $1,000, but "extraordinary" contributions have sometimes netted $10,000 or more. The program also retroactively applied the bonuses to two recent reports.
The team says it's adding these bonuses because it's seen a "significant drop-off" in the number of issues reported by outside sources, something it attributes to a generally more secure and stable browser. The Chromium Project offers an open-source build of Google Chrome; the official Chrome browser also draws from it, and the bug rewards are paid by Google, which gave out a total of $11,500 when Chrome 20 was released.