The highest potential reward amount for a single issue is now $250,000 for demonstrated remote code execution (RCE) in a non-sandboxed process.
Google's new reward structure for memory corruption bugs focuses on four categories: high-quality reports demonstrating RCE, controlled writes, memory corruption, and baseline reports.
Ressler stated, "While the reward amounts for baseline reports of memory corruption will remain consistent, we have increased reward amounts in the other categories."
The new VRP reflects a push for deeper research into Chrome vulnerabilities, moving away from a fixed rewards list to encourage comprehensive reporting.
Collection
[
|
...
]