Google has expanded its vulnerability reward program to include Chrome apps and extensions developed directly by the internet and technology company, and has raised the bounties offered as part of its Patch Reward Program.
“We think developing Chrome extensions securely is relatively easy (given our security guidelines are followed), but given that extensions like Hangouts and GMail are widely used, we want to make sure efforts to keep them secure are rewarded accordingly,” according to a blog post by Eduardo Vela Nava and Michal Zalewski of the Google Security Team.
Those who properly disclose vulnerabilities, as per Google’s reporting format, stand to earn anywhere from $500 to $10,000 depending on the “permissions and the data each extension handles,” according to the post.
Meanwhile, researchers will now earn more for finding bugs as part of Google’s Patch Reward Program, including compensation of $10,000 for digging up and reporting on complicated and high-impact issues that can lead to major flaws.
People will earn $5,000 for reporting on moderately complex issues that offer solid security benefits, and between $500 and $1,337 for reports on simple vulnerabilities that are fairly beneficial.
“The [Patch Reward Program] encourages and honors proactive security improvements made to a range of open-source projects that are critical to the health of the Internet in the recognition of the painstaking work that’s necessary to make a project resilient to attacks,” according to the post.
A Google representative did not respond to queries posed by SCMagazine.com on Thursday regarding recent initiatives taken by the company to fortify Chrome, but Google has already addressed settings-hijacking issues and malicious Chrome extensions in 2014.
Additionally, the Pwnium 4 contest, which will reward people who report vulnerabilities in a bid to improve the security of the Chromium project, will take place on March 12.