- Google bug animated See 660 researchers obtain a share of $ 11.8 million in 2024
- Chrome and Android VRPs were lucrative
- Google’s VRP program will be 15 years old next year
Google revealed that it had paid $ 11.8 million in bonuses of bugs in 2024, the payments being extended to 660 security researchers, equivalent to a theoretical average of around $ 18,000 each.
Its highest payment in 2024 was $ 110,000, its total payment to date now amounting to $ 65 million since 2010.
Chrome researchers and those who reveal vulnerabilities in Android and other Google devices have represented around half of the 2024 payments, marking the company’s commitment to its most popular devices.
Google paid $ 12 million in bug bonuses last year
Some changes in last year structures have led to higher payment potentials, Google VRP now paying $ 151,515, $ 300,000 for mobile VRP, $ 151,515 for the VRP cloud and $ 250,000 for Chrome awards.
In a blog post, Dirk Göhmann from Google said that researchers contributing to the Android security and Google Devices security award and the Google Mobile vulnerability program obtained more than $ 3.3 million in rewards in 2024, adding that 8% less reports were recorded. However, the company has seen a minor increase of 2% of critical and high vulnerabilities.
In total, 337 unique reports were made to the VRP Chrome – 137 received rewards totaling an additional $ 3.4 million.
Google also celebrated the launch of a new category – 2024 was its first full year of AI bug bonuses, but the payments remained relatively low, at $ 55,000.
Other successes include two Bugswat events and four INIT.G workshops to support the next generation of safety researchers.
For the future, Göhmann noted that the company would celebrate 15 years of VRP in 2025 – it is not clear if modifications will be made to its VRP to commemorate this important step.
Göhmann added: “We want to send a huge thank you to our community of bug hunters for helping us make google products and platforms safer and safe for our users around the world – and invite researchers who have not yet engaged in the vulnerability reward program to join us in our mission to ensure Google safety!”
