Google has again bumped up payouts for its web vulnerability rewards program.
As a result of the changes, the reward for cross-site scripting (XSS) flaws will be bumped up, depending on what services are affected. For those on accounts.google.com, the reward has been boosted to US$7,500 from US$3,133.70.
For "highly sensitive services", such as Gmail and Google Wallet, the reward is now US$5,000, up from US$1,337. Any other XSS flaws on Google's properties attract $3,133.70, an increase from the former US$500 reward.
In addition to the bounties offered for XSS flaws, Google also bumped up the value of rewards for "significant authentication bypasses/information leaks" to US$7,500 from $5,000.
Google has been progressively increasing its bug bounties over the past few years, such as quintupling its maximum bounty possible in April last year, and increasing cash incentives for its Chromium vulnerability rewards program later in August.