Google Boosts Bug Bounties to $1.5 Million for Zero-Click Pixel Exploits
Google has raised the maximum bounty in its Android and Chrome Vulnerability Reward Programs to $1.5 million for zero-click exploits targeting Pixel devices.
Google has announced significant updates to its Android and Chrome Vulnerability Reward Programs (VRPs), increasing the maximum bounty for critical exploits to $1.5 million. This enhanced program aims to incentivize security researchers to discover and report complex vulnerabilities, particularly those that are difficult for automated tools to detect. The top reward is reserved for zero-click, full-chain exploits targeting the Titan M2 security chip in Pixel devices.
The revised program structure also adjusts rewards for less complex vulnerability reports, encouraging broader participation from the security research community. By prioritizing researcher-driven findings, Google seeks to proactively identify and address potential security weaknesses in its widely used products and hardware.
The increased bounties underscore Google's commitment to securing its ecosystem against sophisticated threats. Researchers are encouraged to submit their findings through the established VRP channels, with a focus on vulnerabilities that pose the greatest risk to users and the integrity of the Android and Chrome platforms.