Remote code execution flaws are particularly sought.
Google is to offer up to $250,000 in bug bounties for the discovery of memory corruption flaws in the Chrome browser.
As part of a more robust vulnerability reward program, the flaws must be able to achieve remote code execution (RCE) using a non-sandboxed process.
According to Security Week, additional bounties could also be provided for proof-of-concept code enabling RCE without renderer compromise, which will offer up to $90,000 - and up to $35,000 for reports detailing security flaws that could enable controlled write in a non-sandboxed process and memory corruption.
Also included in the strengthened VRP for Chrome is a $250,128 reward for MiraclePtr-bypassing flaws, up from the previous bounty of $100,115.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
