Google Paid Over $12 Million As Bug Bounty Rewards In 2022
In 2022, Google paid out $12 million in rewards through its bug bounty program. This includes a payout of $605,000, the largest the company has ever awarded.
“We’ve been ready to title and repair over 2,900 security concerns and continue to originate our products more true for our customers around the area”, Google.
“In 2022 we awarded over $12 million in bounty rewards – with researchers donating over $230,000 to a charity of their different”.
For Android:
Google released Vulnerability Reward Program (VRP) statistics in 2022, giving an account of how the security research community contributed to making the company's products more secure.
“The Android VRP had an incredible file-breaking year in 2022 with $4.8 million in rewards and the most effective seemingly paid document in Google VRP ancient past of $605,000!”, Google
The report by gzobqq, which detailed an exploit chain of five Android vulnerabilities (CVE-2022-20427, CVE-2022-20428, CVE-2022-20454, CVE-2022-20459, and CVE-2022-20460), received the highest payout of $605,000.
The same researcher discovered and submitted another notable Android exploit chain in 2021 and was rewarded with $157,000, the largest bug bounty in Android VRP history at the time.
The top researchers who disclosed the majority of the vulnerabilities are:
- Aman Pandey of Bugsmirror – more than 200 vulnerabilities
- Zinuo Han of OPPO Amber Security Lab – 150 vulnerabilities
- Yu-Cheng Lin – nearly 100 vulnerabilities
For Chrome Browser:
Reports say the company paid a total of $4 million in 2022 for 110 security flaws in ChromeOS and 363 vulnerabilities in the Chrome browser. According to Google, the Chrome VRP will begin experimenting this year and may offer additional opportunities for security flaws discovered in the browser and ChromeOS.
More than 100 bug hunters received more than $110,000 through Google's reward program for open-source products, which was introduced in August 2022.
“Chrome VRP had one other unparalleled year, receiving 470 professional and weird and wonderful security bug reports, leading to a crammed with $4 million of VRP rewards”, Google
“Of the $4M, $3.5 million was once rewarded to researchers for 363 reports of security bugs in Chrome Browser and nearly about $500,000 was once rewarded for 110 reports of security bugs in ChromeOS”.
Google awarded more than 170 security researchers grants totaling more than $250,000. It also piloted collaborative double VRP rewards for certain grantees last year, and will expand this further in 2023.
“2023 could perhaps be the year of experimentation within the Chrome VRP! Please withhold a lookout for bulletins of experiments and doable bonus alternatives for Chrome Browser and ChromeOS security bugs”, says Google.
“In 2023 we hope to continue to grow this system with unique bug hunters and partner on more events centered on Android & Google Play apps”.
Source credit: cybersecuritynews.com