- Google increased rewards to $1.5 million for high-profile Android exploits, prioritizing risks beyond AI-detectable flaws.
- The Chrome program now offers up to $250,000 for full-chain browser exploits, plus bonuses for Miracle Ptr bypasses.
- The company paid $17.1 million to researchers in 2025, with lifetime payments exceeding $81 million since 2010.
Google is now offering up to a $1.5 million bounty to anyone who can find the biggest, most malicious Android exploits – while “lesser” exploits – those that can be found and reported using AI – get a proportional downgrade.
Google engineers have announced changes to the company’s Android and Chrome vulnerability reward programs, saying they will now reward up to $1.5 million to anyone who can find a full-chain Pixel Titan M2 compromise without persistence clicking. Those who find the same bug, without the persistence part, can expect up to $750,000 in rewards.
“We are revising the scope of our program to emphasize categories that pose the highest risk to our users,” Google said. “We’re also prioritizing categories that remain harder to find for automated AI tools to ensure we’re rewarding researchers for their unique skills and talents. »
Article continues below
Chrome program redesign
In the future, the Android program will also focus more on Linux kernel vulnerabilities in Google-maintained components, with the exception of researchers being able to show that the flaws could be exploited on an Android device.
Chrome’s bounty program has also received an overhaul. Google is now giving up to $250,000 for full browser process exploits on the latest operating systems and hardware, and up to $250,128 in bonuses for a report that successfully exploits an allowance it believes is protected by Miracle Ptr.
Google’s bug bounty program paid out record sums last year, BeepComputer reports. Apparently, it gave $17.1 million to 747 researchers last year, an increase of more than 40% year-over-year and a record high.
In total, since the program launched in 2010, Google has paid out more than $81 million and expects the total amount for 2026 to be higher despite the reduction in individual reward amounts.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
