Google announced this week that its Vulnerability Reward Programs doled out $8,700,000 for vulnerability rewards in 2021.
Researchers donated $300,000 of their rewards to a charity of their choice, according a blog from Sarah Jacobus of Google’s Vulnerability Rewards Team.
For Android vulnerabilities, payouts doubled compared to 2020, with almost $3 million being rewarded to researchers for a variety of bugs. The company also handed out its largest Android payout ever at $157,000.
The company also launched the Android Chipset Security Reward Program, an invite-only program for researchers looking through manufacturers of certain popular Android chipsets.
The program paid $296,000 for over 220 unique security reports, specifically shouting out Aman Pandey of Bugsmirror Team, Yu-Cheng Lin and researcher firstname.lastname@example.org, who secured the $157,000 award. The company noted that it is also offering a $1,500,000 for bugs found in their Titan-M Security chip used in their Pixel device.
When it comes to Chrome, the company set a new record as well. Google gave out $3.3 million in VRP rewards to 115 researchers that found 333 unique Chrome security bug.
“Of the $3.3 million, $3.1 million was awarded for Chrome Browser security bugs and $250,500 for Chrome OS bugs, including a $45,000 top reward amount for an individual