Google will now pay up to $1.5 million to find security bugs in Android and Chrome, and says it "very much appreciates collaborating with the research community."

Google increased rewards to $1.5 million for top-tier Android exploits, prioritizing risks beyond AI-detectable flaws
Chrome Program Now Offering Up to $250,000 for Full Browser Chain Exploits, Plus Bonuses for Bypassing Miracle Ptr
The company paid $17.1 million to researchers in 2025, and lifetime payments have exceeded $81 million since 2010.

Google is now offering up to $1.5 million in rewards to anyone who can find the biggest and worst Android exploits, while “minor” exploits, those that can be found and reported with AI, are receiving a proportional cut.

Google engineers announced changes to the company’s Android and Chrome vulnerability bounty programs, saying they will now reward up to $1.5 million to anyone who can find a zero-click full-chain compromise on Pixel Titan M2 with persistence. Those who encounter the same bug, without the persistence part, can expect up to $750,000 in rewards.

“We are reviewing the scope of our program to emphasize the categories that pose the greatest risk to our users,” Google said. “We are also prioritizing categories that continue to be harder to find for automated AI tools to ensure we reward researchers for their unique skills and talents.”

Article continues below.

Chrome Program Review

In the future, the Android program will also focus more on Linux kernel vulnerabilities in components maintained by Google, with the exception of researchers being able to demonstrate that the flaws could be exploited on an Android device.

The Chrome rewards program has also been revamped. Google is now awarding up to $250,000 for full browser process chain exploits on the latest operating systems and hardware, and up to a $250,128 bonus for a report that successfully exploits a mapping it believes is protected by Miracle Ptr.

Google’s bug bounty program paid out record sums last year, beepcomputer information. It reportedly donated $17.1 million to 747 researchers last year, a year-over-year increase of more than 40% and an all-time high.

In total, since the program began in 2010, Google has paid out more than $81 million and expects the total amount by 2026 to be higher despite reducing individual reward amounts.

Through beepcomputer

The best antivirus for all budgets

Google logo on black background next to text that says

Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.

Google will now pay up to $1.5 million to find security bugs in Android and Chrome, and says it “very much appreciates collaborating with the research community.”

Leave a Comment Cancel Reply

Must Read

Leave a Comment Cancel Reply