Google shelled out $10 million in bug bounties in 2023

The Google Logo in Black and White under a sepia shade

What it’s essential know

  • A complete of 632 researchers from 68 international locations obtained bug bounty rewards final 12 months, with the very best single payout hitting $113,337.
  • Google expanded its Vulnerability Reward Program in 2023 to incorporate generative AI, internet hosting a dwell hacking occasion focusing on massive language fashions.
  • Important rewards got for vulnerabilities in Android and Google units, with an elevated most payout of $15,000 for essential points.

Google dished out $10 million to researchers worldwide in 2023 for sniffing out and safely flagging safety points in its services and products.

Final 12 months, 632 researchers from 68 totally different international locations obtained rewards, however the whole quantity was a bit much less in comparison with the $12 million that Google’s Vulnerability Reward Program awarded to researchers in 2022. The largest payout for a vulnerability report in 2023 reached $113,337, as per Google’s weblog put up.

In 2023, Google made a brand new addition to the VRP by together with generative AI. The search large hosted a dwell hacking occasion geared toward massive language fashions, the place researchers tried to coax secrets and techniques out of Bard, now Gemini, by feeding it particular prompts. Google raked in 35 experiences from this occasion, paying out over $87,000 in bounties.

Google spotlighted two main initiatives: “Hacking Google Bard – From Immediate Injection to Knowledge Exfiltration” and “We Hacked Google A.I. for $50,000”.

As for Android and Google’s personal units, the corporate awarded $3.4 million. The corporate additionally bumped up the utmost payout for essential vulnerabilities on this class to a candy $15,000.

Google additionally introduced Put on OS into this system, welcoming safety researchers to report bugs and vulnerabilities within the wearable platform. It handed out $70,000 for 20 essential discoveries in Put on OS and Android Automotive OS.

Google Chrome researchers additionally snagged a piece of the payout, bagging $2.1 million for 359 distinctive experiences. They addressed some longstanding points with V8 encoding that had slipped below the radar earlier than.

One other spotlight is the introduction of MiraclePtr in Chrome M116, geared toward safeguarding in opposition to non-renderer Use-After-Free UAF vulnerabilities.

After these flaws have been thought-about “extremely mitigated” with the introduction of MiraclePtr, Google rolled out a separate class of rewards particularly for bypassing the safety mechanism itself.

Google additionally awarded $116,000 for 50 experiences on points present in Nest, Fitbit, and wearables.

In the meantime, the corporate beefed up payouts for experiences of upper high quality, encouraging researchers to zero in on extra extreme points.

We use tools, such as cookies, to enable basic services and functionality on our site and to collect data about how visitors interact with our site, products, and services. By clicking Accept, you agree to our use of these tools for advertising, analytics and support.