Google has recently announced a major revision of its reward programs dedicated to researchers who identify security vulnerabilities in Android and Chrome.
The updated strategy aims to rewarding high-profile discoveries, offering million-dollar payoffs for the most critical vulnerabilities.
At the same time, there is a downward recalibration for those vulnerabilities that have become easier to discover, a phenomenon mainly due to the rapid diffusion of artificial intelligence.
This decision reflects the aim to maintain an extremely high level of protection, rewarding real technical effort and human ingenuity in the face of ever more complex defensive barriers.
The top reward reaches an impressive figure of $1.5 million. This amount is reserved for exceptionally challenging attack scenarios, in particular zero-click exploits aimed at the security chip Pixel Titan M2 that manage to maintain persistence in the system.
This is the technically most challenging operation envisaged by the project as a whole. If the same attack is carried out without guaranteeing persistence, the financial reward still reaches $750,000.
Turning to the Chrome side, full process compromises on updated operating systems and hardware can earn you $250,000. This amount can be augmented by an additional $250,128 bonus if the analyst successfully bypasses memory allocations protected by the MiraclePtr technology.
The company emphasised that certain high-impact compromises remain extremely difficult to implement, expressing deep gratitude to independent experts for their valuable investigative work.
A crucial aspect of the reorganization concerns the impact of new generative technologies. Regarding Chrome, the current guidelines require essential documentation, focused exclusively on the technical proofs and the fundamental artifacts that demonstrate the true nature of the bug.
The long analytical textual reports lose usefulness, since modern algorithms can now generate them automatically. Additionally, the company’s internal tools have evolved to the point where they can explain and suggest fixes autonomously.
On the mobile front, the focus narrows toward the Linux kernel vulnerabilities in the components directly managed by the company, unless researchers demonstrate a concrete and direct exploitability on physical devices.
The restructuring of the incentive system comes at the end of an unprecedented year. During 2025, $17.1 million were distributed to 747 different professionals. This represents an increase of over 40% compared to 2024, marking the highest level reached to date.
Since the project’s inception in 2010, total disbursements have far surpassed the threshold of $81.6 million.
Despite the reduction of amounts for minor flaws, official estimates for 2026 indicate that total spending on rewards will continue to rise, underscoring the crucial importance of preventive security in the development of modern digital ecosystems.
Amazon has officially wasted no time announcing the dates of the twelfth edition of Prime…
I must admit: when I started using the Xiaomi 17T Pro I was very curious,…
The introduction of artificial intelligence into everyday services does not always yield the expected results.…
The wait for the next generation of foldable smartphones signed by Samsung is coming to…
Huawei has officially unveiled the new Nova 16 family, a range that aims to redefine…
A transatlantic flight that was supposed to connect New Jersey to the Balearic Islands turned…