Google expands Chromium Security Rewards Program

Google's definitely doing all that it takes to get rid of bugs and other defects on their Chrome browser, and the sheer success of their Chromium Security Rewards program, which they launched a little over two years ago, is just an extension of that thought. In an official post on the Chromium blog, Google has revealed its plan of expanding their Chrome Security Rewards Program to cover the crucial, severe Chromium OS bugs. Google, according to this post will pay a base reward of $2,000 for "well-reported, significant cross-origin bugs, such as a Universal XSS flaw, while issuing “bonuses” ranging from $500 to $1000, if a bug reporter is willing to fix the bug, they have found, themselves. However, to be eligible for the latter, the reporter will have to work with the Chromium community and develop a peer reviewed patch, and these bonuses, according to the post will be an added advantage above the base reward and it usually is between $500 and $3133.70.

Chromium OS - powered by the Google Chrome browser

Google have in the post clearly stated that they're expanding the scope of their rewards program, accommodating more worthy mentions, which according to the post, include:

"- High-severity Chromium OS security bugs are now in scope. Chromium OS includes much more than just the Chromium browser, so we’re rewarding security bugs across the whole system, as long as they are high severity and present when “developer mode” is switched off. Examples of issues that may generate a reward could include (but are not limited to):

• Renderer sandbox escapes via Linux kernel bugs.
• Memory corruptions or cross-origin issues inside the Pepper Flash plug-in.
• Serious cross-origin or memory corruption issues in default-installed apps, extensions or plug-ins.
• Violations of the verified boot path.
• Web- or network-reachable vulnerabilities in system libraries, daemons or drivers."

Google also expresses their delight over the constant progress made by the program, since its inception. The post further states that over the course of its existence, the program has been receiving a variety of bugs, covering almost every component, including system software (Windows kernel / Mac OS X graphics libraries / GNU libc) to Chromium / WebKit code and to popular open source libraries (libxml, ffmpeg).

To read the entire post, click here.