Google adds their Chrome apps and extensions to bug bounty

Summary:The company is also increasing the bounties for patches of major open source projects.

Google has expanded the scope of their bug bounty program to include Google-created apps and extensions for Chrome.

At the same time the company increased "substantially" the rewards they pay out as part of their Patch Rewards program. This program pays out rewards for fixes to vulnerabilities in a set of significant open source projects, such as the Linux kernel, OpenSSL, Sendmail and libxml2.

The Vulnerability Reward Program, Google's main bug bounty, will now accept vulnerability submissions for Chrome apps and extensions developed and branded as "by Google." Google says developing such apps and extensions securely is relatively easy, especially if you follow their security guidelines, but these apps and extensions are popular and important enough that they receive a high level of scrutiny.

The reward levels will range from $500 to $10,000 and you may make submissions at goo.gl/vulnz.

Google also increased the rewards for patches to a set of high-profile open source projects on which they and many other developers rely. The new reward structure is:

  • $10,000 for complicated, high-impact improvements that almost certainly prevent major vulnerabilities in the affected code.
  • $5,000 for moderately complex patches that provide convincing security benefits.
  • Between $500 and $1,337 for submissions that are very simple or that offer only fairly speculative gains.

Topics: Security, Google

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.