Chromium Blog
News and developments from the open source browser project
Celebrating Six Months of Chromium Security Rewards
Tuesday, July 20, 2010
It has been approximately six months since we launched the
Chromium Security Reward program
. Although still early days, the program has been a clear success. We have been notified of numerous bugs, and some of the participants have made it clear that it was the reward program that motivated them to get involved with Chromium security.
We maintain a list of issued rewards on the
Chromium security page
. As the list indicates, a range of researchers have sent us some great bugs and the rewards are flowing! This list should also help answer questions about which sort of bugs might qualify for rewards.
Today, we are modifying the program in two ways:
The maximum reward for a single bug has been increased to
$3,133.7
. We will most likely use this amout for
SecSeverity-Critical
bugs in Chromium. The increased reward reflects the fact that
the sandbox
makes it harder to find bugs of this severity.
Whilst the base reward for less serious bugs remains at $500, the panel will consider rewarding more for high-quality bug reports. Factors indicating a high-quality bug report might include a careful test case reduction, an accurate analysis of root cause, or productive discussion towards resolution.
Thanks to everyone who contributes to Chromium security, and here’s looking forward to our first elite entrant!
UPDATE
: We've had a few questions about whether we pay rewards in cases where the bug comes to us via a vulnerability broker. Bugs reported in this way are not likely to generate Chromium rewards. We encourage researchers to file bugs directly with us, as doing so helps us get started sooner on fixes and removes questions about who else may have access to the bug details. We'd also remind researchers that we don't necessarily require a working exploit in order to issue a reward. For example, evidence of memory corruption would typically be sufficient.
Posted by Chris Evans, Google Chrome Security
Labels
$200K
1
10th birthday
4
abusive ads
1
accessibility
1
ad blockers
1
ad blocking
2
advanced capabilities
1
android
1
anti abuse
1
anti-deception
1
background periodic sync
1
badging
1
benchmarks
1
beta
21
billing
1
birthday
4
blink
2
browser
2
browser interoperability
1
bundles
1
capabilities
6
capable web
1
cds
1
cds18
2
cds2018
1
chrome
27
chrome ads
1
chrome apps
4
chrome dev summit
1
chrome dev summit 2018
1
chrome dev summit 2019
1
chrome developer
1
Chrome Developer Center
1
chrome developer summit
1
chrome devtools
1
Chrome extension
1
Chrome Frame
1
Chrome lite
1
Chrome on Android
1
chrome privacy
3
chrome security
4
chrome web store
29
chromedevtools
1
chromeframe
3
chromeos
3
chromium
4
cloud print
1
coalition
1
coalition for better ads
1
contact picker
1
content indexing
1
cookies
1
csrf
1
css
1
dart
8
dashboard
1
Data Saver
3
Data saver desktop extension
1
day 2
1
deceptive installation
1
declarative net request api
1
design
1
Developer Program Policy
1
devtools
13
discoverability
1
DNS-over-HTTPS
2
DoH
2
emscriptem
1
enterprise
1
extensions
27
faster web
1
features
1
feedback
2
field data
1
frameworks
1
fugu
2
fund
1
funding
1
gdd
1
google earth
1
google io 2019
1
google web developer
1
googlechrome
12
harmful ads
1
html5
11
iframes
1
images
1
incognito
1
intent to explain
1
ios
1
javascript
5
lab data
1
lazy-loading
1
lighthouse
2
linux
2
Lite Mode
2
Lite pages
1
loading interventions
1
loading optimizations
1
mac
1
manifest v3
1
mobile
2
na
1
native client
8
native file system
1
New Features
5
notifications
1
octane
1
open web
4
origin trials
2
pagespeed insights
1
pagespeedinsights
1
payments
1
performance
3
performance tools
1
permission UI
1
play store
1
portals
3
privacy
1
privacy sandbox
1
progressive web apps
2
Project Strobe
1
protection
1
pwa
1
quieter permissions
1
releases
3
removals
1
rlz
1
safe browsing
1
security
34
site isolation
1
slow loading
1
sms receiver
1
spdy
2
spectre
1
speed
1
ssl
2
store listing
1
strobe
1
subscription pages
1
suspicious site reporter extension
1
tools
1
transparency
1
trusted web activities
1
twa
2
user data policy
1
v8
6
wasm
1
web
1
web apps
1
web assembly
1
web intents
1
web packaging
1
web request api
1
web.dev
1
webapi
1
webassembly
1
webaudio
3
webgl
7
webkit
5
webmaster
1
webp
5
webrtc
5
websockets
5
webtiming
1
writable-files
1
yerba beuna center for the arts
1
Archive
2020
Jan
2019
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2018
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2017
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2016
Dec
Nov
Oct
Sep
Aug
Jun
May
Apr
Mar
Feb
Jan
2015
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2010
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2009
Dec
Nov
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2008
Dec
Nov
Oct
Sep
Feed
Follow @ChromiumDev
Give us feedback in our
Product Forums
.
