Google doubles max ChromeOS bug bounty to $100k

After shelling out $2m in rewards to security bounty hunters in 2015, Google announced today it is doubling the reward for reporting serious security flaws, raising the top bounty from $50k to $100k.

Google has been pretty serious about its security on Chrome, and has had a bug-hunting bounty in place since 2010, eligible to hackers who find vulnerabilities on Chromebooks, Chrome browser, and Chrome OS.

Google distributed over $2m in security rewards to hackers last year.

Google Launches Bug Bounty Program For Android With Rewards Up To $38,000 Apple has shut down the first fully-functional Mac OS X ransomware Google Introduces Two New Sub-$250 Chromebooks In India With 1M Sold In The Last Quarter, Google's Chromebooks Are A Hit With Schools

The Chrome operating system hasn’t found as much success as Mac OS or Windows, but it has found a niche in schools. Its gradual growth, low cost, and target audience has placed the operating system is in a unique position: By offering Chromebook laptops for as little as $150, the platform is a perfect low-cost option for emerging markets and first-time computer buyers. This makes the Chromebook attractive to people who wouldn’t traditionally be particularly vigilant on security, which makes getting security right on ChromeOS all the more important — and the bounty programme is a key part of that.

The increase in the top-level reward programme is aimed at ‘persistent compromise of a Chromebook in guest mode’. In other words: A Chromebook that is hacked in guest mode, and remains hacked after a reboot.

Google never had an opportunity to pay out the bounty when it stood at $50,000, but the wording of the target hints at why Google is making this type of exploit a priority: The company wants to get ahead of zero-day exploits. By increasing the bounty to $100,000 for the most egregious exploits, the company no doubt hopes it will be able to lure hackers its way so the Chrome team can resolve the issues, rather than letting more sinister forces buy access to the vulnerabilities.

Source: http://feedproxy.google.com/~r/Techcrunch/~3/lmpWpdct1Ss/