Google beefs up Chrome bug bounty program

Share This Post



Higher rewards of up to $250,000 will be given by Google for the discovery of memory corruption flaws in the Chrome browser shown to achieve remote code execution using a non-sandboxed process as part of a more robust vulnerability reward program, according to SecurityWeek.

Additional bounties could also be provided for proof-of-concept code enabling RCE without renderer compromise, according to Google, which will also offer up to $90,000 and up to $35,000 for reports detailing security flaws that could enable controlled write in a non-sandboxed process and memory corruption, respectively. Google has also upgraded rewards for reports demonstrating RCE in a highly-privileged process and those showing RCE in a sandboxed process to up to $85,000 and up to $55,000, respectively, although memory corruption baseline rewards have been maintained to encourage further research into discovered flaws. Also included in the strengthened VRP for Chrome is a $250,128 reward for MiraclePtr-bypassing flaws, up from the previous bounty of $100,115.



Source link

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Blogs

Mickey Mouse operation hacked by former employee

A disgruntled former Disney worker stands accused of illegally hacking the company’s systems and harassing its workers. Michael Scheuer, a former system administrator with the

Do You Want To Boost Your Business?

drop us a line and keep in touch