Google doubles max ChromeOS bug bounty to $100k

After shelling out $2 million in rewards to security bounty hunters in 2015, Google announced today it is doubling the reward for reporting serious security flaws, raising the top bounty from $50,000 to $100,000.

Google has been pretty serious about its security on Chrome; it has had a bug-hunting bounty in place since 2010, eligible to hackers who find vulnerabilities on Chromebooks, the Chrome browser and Chrome OS.

Google distributed over $2m in security rewards to hackers last year.

Google distributed more than $2 million in security rewards to hackers last year.


The Chrome operating system hasn’t found as much success as Mac OS or Windows, but it has found a niche in schools. Its gradual growth, low cost and target audience has placed the operating system is in a unique position: By offering Chromebook laptops for as little as $150, the platform is a perfect low-cost option for emerging markets and first-time computer buyers. This makes the Chromebook attractive to people who wouldn’t traditionally be particularly vigilant on security, which makes getting security right on Chrome OS all the more important — and the bounty program is a key part of that.

The increase in the top-level reward program is aimed at “persistent compromise of a Chromebook in guest mode.” In other words: A Chromebook that is hacked in guest mode, and remains hacked after a reboot.

Google never had an opportunity to pay out the bounty when it stood at $50,000, but the wording of the target hints at why Google is making this type of exploit a priority: The company wants to get ahead of zero-day exploits. By increasing the bounty to $100,000 for the most egregious exploits, the company no doubt hopes it will be able to lure hackers its way so the Chrome team can resolve the issues, rather than letting more sinister forces buy access to the vulnerabilities.