Finding a security hole in your web browser isn't normally something to be happy about. But if you're the first person to encounter a software bug compromising Google Chrome, you could earn a big check from the company. As CNET reports, Google's bug bounty program, which has been rewarding amateur users' bug reports since 2010, has increased its maximum payment to $30,000.
For nearly a decade, Google has used bounties as a way to catch vulnerabilities in its security system before hackers can exploit them. The tech giant says it has paid out more than $5 million in rewards for more than 8500 bug reports. That number may seem enormous, but compared to the cost of hiring more programmers full-time—or the cost of a major security breach—it's a smart investment on Google's part.
In a recent blog post, Google announced that it will be increasing reward amounts across the board. The baseline payment for a regular bug report has been tripled from $5000 to $15,000, and the maximum reward for a high-quality report has doubled from $15,000 to $30,000. Google lays out what constitutes a high-quality report on its application security page.
Computer whizzes who detect attacks on Chrome OS, the software foundation for Chromebooks, can receive even bigger paydays from Google. The company will pay $150,000 to anyone who reports exploit chains that can compromise a Chromebook or Chromebox in its more restricted guest mode. Fuzzers—bug-hunters who look for vulnerabilities in a product by hitting it with random data—are also getting bigger rewards. The bonus they receive for finding bugs using the Chrome Fuzzer Program has been doubled to $1000.
Offering bug bounties as an incentive to report security issues is common practice across the tech industry. Earlier in 2019, Apple thanked the 14-year-old who first discovered the disastrous Group FaceTime bug by giving him money for college.