Google on Friday announced paying $11.8 million in bug bounties to 660 researchers who reported security flaws via its vulnerability reward programs in 2024.
According to the internet giant, it has awarded more than $65 million in bug bounty rewards since establishing its first vulnerability reward program (VRP) in 2010.
The total amount, however, may be of approximately $71 million, as last year Google said it handed out $59 million between 2010 and 2023. SecurityWeek has emailed the company for clarification.
In 2024, Google revamped its reward structure, with bounties of up to $151,515 offered as part of Google VRP and Cloud VRP, of up to $300,000 available in Mobile VRP, and of up to $250,000 offered for critical Chrome vulnerabilities.
Google says it handed out $3.3 million in rewards to the researchers reporting vulnerabilities within Android and Google mobile applications last year, and that the number of critical- and high-severity bug submissions increased, amid a decrease in the total number of submissions.
Last year, the internet giant paid out $3.4 million in rewards to 137 researchers reporting valid security defects in Chrome, with the highest single reward being of $100,115, awarded for a MiraclePtr bypass. In August, Google increased the rewards for MiraclePtr bypasses to $250,128.
The internet giant received over 400 vulnerability reports after launching its Cloud VRP in October 2024, and handed out over $500,000 in researcher rewards. It handed out more than $290,000 in rewards for issues reported through its Abuse VRP.
As part of its AI bug bounty program, the company received over 150 bug reports, and paid out more than $55,000 in rewards.
It also handed out $370,000 in rewards as part of two bugSWAT events, including more than $87,000 for reports received during a live-hacking event targeting LLM products.
“In 2025, we will be celebrating 15 years of VRP at Google, during which we have remained fully committed to fostering collaboration, innovation, and transparency with the security community, and will continue to do so in the future,” Google notes.
Related: Google Pays Out $55,000 Bug Bounty for Chrome Vulnerability
Related: Microsoft Expands Copilot Bug Bounty Program, Increases Payouts
Related: Samsung Bug Bounty Program Payouts Reach $5M, Top Reward Increased to $1M
Related: Big Rewards Offered in Dedicated Google Cloud Bug Bounty Program
About The Author
Original post here
