Google bug bounty program will now pay you more than you can imagine – So get ready!
Since launching its bug bounty program in 2010, Google has paid over $6 million to security researchers who have been finding bugs. The company wants to keep rewarding researchers and has made two changes to the program: it has increased the top reward for Chromebooks, and it has added a new bounty.
Bug bounty programs are run by tech companies, and by many organizations in other sectors, to find out whether their systems contain security flaws by letting outside researchers look for them. They have been a fruitful addition to existing internal security programs, so much so that the US Defence Ministry recently launched its own version of a bug bounty program. Such a program allows hackers and researchers to actively look for weaknesses and flaws in a system and, instead of using them with malicious intent, submit them to the company that owns the system in return for a reward.
Google introduced a $50,000 bounty last year for a persistent compromise of a Chromebook in guest mode. Strangely, the security team responsible for the program says that there have been no submissions since. In a bid to stimulate further, more in-depth research, Google has doubled the reward to $100,000. This shows that the company values the researchers' work: if the flaw has not been found yet, it is probably hard to find.
Google declared in a statement, “That said, great research deserves great awards, so we are putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool.” Google has also added another bounty called the Download Protection Bypass Bounty. The company is rewarding methods that can bypass Chrome’s Safe Browsing download protection features.
They gave the reward rules as follows:
- Safe Browsing must be enabled on Chrome and have an up-to-date database.
- Safe Browsing servers must be reachable on the network.
- Binary must land in a location the user is likely to execute it from (e.g. Downloads folder).
- The user can’t be asked to change the file extension or recover it from the blocked download list.
- Any gestures required must be likely and reasonable for most users. As a guide, execution with more than three reasonable user gestures is unlikely to qualify, but it’ll be judged on a case by case basis. The user can’t be expected to bypass warnings.
- The download should not send a download protection ping back to Safe Browsing. Download protection ping can be measured by checking increments to counters.
- The binary’s hosting domain and any signature cannot be on a whitelist.
Safe Browsing is a service that provides lists of phishing websites to the Firefox, Chrome and Safari browsers.