
"Google is now focusing on vulnerabilities with the highest user impact, and is prioritizing flaw categories that are more difficult for AI tools to find."
"We are shifting our program focus on Linux kernel vulnerabilities to Google-maintained components unless there is concrete proof of exploitability on Android or our devices."
"Moving forward, we are shifting our program's focus to prioritize concrete proof that a bug exists. We now consider the most effective reports to be concise."
"The base reward for memory safety issues is now $500, with multipliers for factors such as reachability and the level of exploitability."
Google has restructured its Vulnerability Reward Programs for Chrome and Android due to increased AI use in vulnerability discovery. The focus is now on high-impact vulnerabilities and flaw categories that are harder for AI to detect. The maximum rewards have increased significantly for certain exploits, while standard payouts for Chrome vulnerabilities have decreased. The company emphasizes concise, actionable reports and has adjusted base rewards for memory safety issues, reflecting a shift towards prioritizing proof of bug existence over lengthy reports.
Read at SecurityWeek