Google paid the highest bug bounty ever last year
The company has revealed that someone made a lot of money discovering vulnerabilities in Google products in 2022.
The search engine giant recently revealed the results of its Vulnerability Reward Program, a bug bounty campaign that rewards ethical hackers who discover major bugs in its products and responsibly disclose them instead of giving attackers an opportunity to abuse them with malware.
In total, the company spent more than $12 million on about 2,900 vulnerabilities over the course of 2022.
Vulnerabilities in Android, Chrome and ChromeOS
One submission is singled out in the Google report: a hacker discovered an exploit chain involving 5 separate vulnerabilities in Android: CVE-2022-20427, CVE-2022-20428, CVE-2022-20454, CVE-2022-20459 and CVE-2022-20460. Google decided the exploit chain warranted a $605,000 reward.
The person who discovered the exploit chain goes by the alias gzobqq, BleepingComputer reported, adding that the same person also made $157,000 in 2021 for a key exploit chain in Android. Each of these exploit chains earned the highest bug bounty in Android at the time.
Looking specifically at Android, last year Google paid out $4.8 million in bounties. The three most active hackers reported 200, 150 and 100 bugs, respectively.
Furthermore, the company paid nearly $500,000 for 700 reports made through the Android Chipset Security Rewards Program. ACSRP is a separate bug bounty program available only to Android chipset manufacturers.
For 363 bugs discovered in Chrome and 110 bugs in ChromeOS, Google paid $4 million.
Most major tech companies run bug bounty programs, as they’re a great way to incentivize the broader cybersecurity community to get involved in bolstering the world’s most popular software.
In August 2022, Microsoft reportedly paid out $13.7 million in bounties to 330 security researchers across 46 countries. The biggest prize in the Hyper-V Bounty Program is $200,000, the company adds, while the average prize is around $12,000.
Apple, on the other hand, says it paid out $20 million through its bug bounty program in 2022, with the average reward across the product category being $40,000.
Via: BleepingComputer