Google has released the results of its Vulnerability Reward Program, which rewards ethical hackers for bugs and vulnerabilities found in the company's products. In 2022, payouts reached a record: more than $12 million for more than 2,900 vulnerabilities found.
The largest single reward, $605,000, went to a researcher known by the nickname gzobqq for identifying an exploit chain that used five separate vulnerabilities in Android. In 2021 he also identified another exploit chain in Android, which brought him $157,000. Each of these rewards was, at the time, a record for finding errors in Android.
The company paid $4.8 million in rewards for the Android segment. The three most active experts reported 200, 150, and 100 vulnerabilities, respectively.
Google also paid around $500,000 for 700 vulnerabilities uncovered as part of a closed ACSRP initiative focused on boosting Android chipset security. Google rewarded hackers $4 million for 363 vulnerabilities discovered in the Chrome browser and 110 vulnerabilities discovered in the Chrome OS platform.
In comparison, Microsoft revealed in August last year that it paid $13.7 million to 330 professionals in 46 countries; the highest payment was $200,000, and the average was $12,000. In 2022, Apple gave out $20 million under a similar scheme, with awards averaging $40,000.