Google says nearly $9 million given out in 2021 vulnerability rewards

Google announced this week that its Vulnerability Reward Programs doled out $8,700,000 for vulnerability rewards in 2021. 

Researchers donated $300,000 of their rewards to a charity of their choice, according a blog from Sarah Jacobus of Google’s Vulnerability Rewards Team.

For Android vulnerabilities, payouts doubled compared to 2020, with almost $3 million being rewarded to researchers for a variety of bugs. The company also handed out its largest Android payout ever at $157,000. 

The company also launched the Android Chipset Security Reward Program, an invite-only program for researchers looking through manufacturers of certain popular Android chipsets. 

The program paid $296,000 for over 220 unique security reports, specifically shouting out Aman Pandey of Bugsmirror Team, Yu-Cheng Lin and researcher, who secured the $157,000 award. The company noted that it is also offering a $1,500,000 for bugs found in their Titan-M Security chip used in their Pixel device. 


When it comes to Chrome, the company set a new record as well. Google gave out $3.3 million in VRP rewards to 115 researchers that found 333 unique Chrome security bug. 

“Of the $3.3 million, $3.1 million was awarded for Chrome Browser security bugs and $250,500 for Chrome OS bugs, including a $45,000 top reward amount for an individual

Read More: