Google company on an increase in the amounts accrued under rewards for identifying vulnerabilities in the Chrome browser and its underlying components.
The maximum payout for creating an exploit to get out of the sandbox environment has been increased from $15 to $30, for
a method to bypass access control in JavaScript (XSS) from 7.5 to 20 thousand dollars, for organizing remote code execution at the level of the rendering system from 7.5 to 10 thousand dollars, for detecting information leaks - from 4 to 5-20 thousand dollars. Payments have been introduced for methods of spoofing in the user interface ($7500), privilege escalation in the web platform ($5000), and bypassing protection against exploitation of vulnerabilities ($5000). Payments for preparing a high-quality and basic description (a test for the manifestation of the problem and a chrome version) of a vulnerability without demonstrating an exploit have been doubled.
In addition, researchers are given the opportunity to publish the application in stages - at first they can report the very fact of the vulnerability, and later provide an exploit to receive a higher reward. Also, the bonus payout for identifying a vulnerability using Chrome Fuzzer has been increased to $1000.
For Chrome OS, the amount for an exploit to fully compromise a Chromebook or Chromebox from guest access mode has been increased to $150. Added new payouts for vulnerabilities in the firmware and screen lock system.
В bounty for vulnerabilities in from Google Play, the cost of information about a remotely exploited vulnerability has been increased from $5 to $20; data leakage and access to protected components have been increased from $1000 to $3000.
Source: opennet.ru