2 min

Tags in this article

, , , ,

Starting today and running until December 1st, 2023, those intrepid hunters who successfully report sandbox escape chain exploits targeting Google’s beloved Chrome web browser will receive triple the standard reward.

This audacious initiative aims to encourage security researchers to roll up their sleeves and dig deep into the inner workings of Chrome.

By identifying and reporting vulnerabilities, bug-hunting experts will help fortify the browser’s defenses against malicious attacks. It’s a win-win situation—hunters get rewarded handsomely, and Chrome becomes even more resilient.

What is an eligible exploit?

According to Google, it must be a full-chain escapade resulting in a daring sandbox escape. This would have to showcase the attacker’s control and code execution outside the sandbox.

The exploit must also be fully remote, allowing an audacious attacker to unleash their mischief from afar.

To sweeten the deal, Google is throwing in an additional bonus for subsequent full-chain exploits. These can be submitted through the Chrome Vulnerability Reward Program. This amounts to a significant bonus that will double the regular reward.

A hefty reward

With the potential for rewards reaching up to a staggering $180,000, participants have a chance to rake in some serious cash.

Amy Ressler, the Chrome Security Team Senior Technical Program Manager, expressed her enthusiasm for these exploits, highlighting their value in identifying potential attack vectors and devising future mitigation strategies. It’s like a thrilling game of cat and mouse where everyone benefits except the nefarious actors lurking in the shadows.

This announcement comes on the heels of Google’s recent Mobile Vulnerability Rewards Program launch, offering rewards for finding flaws in their Android applications. The tech giant’s dedication to security is undeniable, with over $50 million distributed in bounties since 2010.

Also read: Google to start removing secure website indicators in Chrome