Google Expands Chromium Security Rewards Program

Google Chrome team has announced to expand its Security Rewards Program, which will now cover the Chrome OS as well. The Security Rewards Program is a bug bounty program for reporting bugs present in Chromium – the open source browser project behind the Chrome and Chrome OS.

As reported earlier, Google awarded $10,500 for the bugs fixed with Chrome 17. Moreover, Google has awarded over $300,000 to the individual bug hunters so far.


Now this security bug bounty program also covers Chrome OS. Google says, “Chromium OS includes much more than just the Chromium browser, so we’re rewarding security bugs across the whole system, as long as they are high severity and present when “developer mode” is switched off. […] We may elect to issue “bonuses” ranging from $500 to $1000 if a bug reporter takes on fixing the bug they have found themselves. […] Chromium is a more stable and robust browser thanks to the efforts of the wider security community.”.

Google also runs a vulnerability reward program for discovering bugs in Google’s web applications. The company has awarded over $429,000 for around 730 “qualified” bugs to more than 200 individual bug hunters. Google adds that the 50% “qualified for reward” bugs were present in the software developed by the companies that Google acquired.