Google will now pay up to $30,000 for reporting a Chrome bug

You can earn bigger bucks by becoming a digital bounty hunter.

Shelby Brown Editor II
Shelby Brown (she/her/hers) is an editor for CNET's services team. She covers tips and tricks for apps, operating systems and devices, as well as mobile gaming and Apple Arcade news. Shelby also oversees Tech Tips coverage. Before joining CNET, she covered app news for Download.com and served as a freelancer for Louisville.com.
  • She received the Renau Writing Scholarship in 2016 from the University of Louisville's communication department.
Stephen Shankland principal writer
Stephen Shankland has been a reporter at CNET since 1998 and writes about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science Credentials
  • I've been covering the technology industry for 24 years and was a science writer for five years before that. I've got deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and other dee
Shelby Brown
Stephen Shankland
2 min read
A Google Chrome sticker

Chrome isn't offering chump change. 

Stephen Shankland/CNET

Since 2010, Google has paid some people who report security holes in the Chrome browser. If becoming a digital bounty hunter sounds like a sweet gig, Google just upped the reward. Highlights include tripling the maximum baseline reward from $5,000 to $15,000 and doubling the maximum reward for a "high quality report" from $15,000 to $30,000 if you include example software that exploits the problem, according to a Chrome Security blog post

For Chrome OS, Google's browser-based software foundation for Chromebooks, Google also increased its standing reward to $150,000 for revealing attacks that can compromise a Chromebook or Chromebox in its more restricted guest mode. Security bugs found in firmware and or that let attackers bypass Chrome OS' lock screen also generate rewards,  Google  said Thursday.

On top of that, Google is increasing rewards for fuzz testing, an approach to bug hunting that throws random data at a product in an effort to locate problem inputs. "The additional bonus given to bugs found by fuzzers running under Chrome Fuzzer Program is also doubling to $1,000," the blog post said.

Bug bounties have become common as tech companies look for ways to keep their products from becoming a route to attacks that can be used to steal personal data, reach into corporate networks, hold computers hostage until a ransom is paid or simply crash the machine. But those who hunt for bugs have more options than payouts from the companies making the products. Governments and criminals also pay for exploits -- tools that can be used in activities like espionage and identity theft.

Since the Chrome Vulnerability Rewards Program's creation in 2010, Google said, people have reported over 8,500 bugs and Google has paid out over $5 million. 

That's a lot of money. But it's also not that big when you consider that hiring a good programmer in Silicon Valley can cost hundreds of thousands of dollars a year.

Google has specific rules about what qualifies as a "high quality report," which it details on its page.

Google Play, Google's Android software distribution site, also comes with bigger bounties. Rewards for remote code execution bugs have increased from $5,000 to $20,000, theft of insecure private data from $1,000 to $3,000, and access to protected app components from $1,000 to $3,000, the company said. If you "responsibly" disclose vulnerabilities to participating app developers, you'll get a bonus, according to Google. You can read about the program to learn more and see which apps qualify.

Watch this: Google working on Chrome pause button, Bill Gates calls himself a 'minor wizard'