Someone made a lot of money in 2022 discovering vulnerabilities in Google products, the company has revealed.
The search engine giant recently released the results of its Vulnerability Rewards Program, a bug bounty campaign that rewards ethical hackers who discover major flaws in its products and disclose them responsibly rather than allowing hackers to exploit them with malware.
In total, the company paid out more than $12 million over the course of 2022 for approximately 2,900 vulnerabilities.
Errors in Android, Chrome and ChromeOS
One report stands out in Google’s results: a hacker discovered an exploit chain containing five separate vulnerabilities in Android: CVE-2022-20427, CVE-2022-20428, CVE-2022-20454, CVE-2022-20459, CVE-2022-20460. Google decided that the exploit chain warranted a $605,000 reward.
The person who discovered the exploit chain goes by the alias gzobqq, BleepingComputer reported, adding that the same person also earned $157,000 in 2021 for a critical exploit chain in Android. Each exploit chain earned the highest bug bounty in Android at its respective time.
Looking specifically at Android, Google paid out $4.8 million in rewards last year. The three most active hackers reported 200, 150 and 100 bugs respectively.
In addition, the company paid out nearly $500,000 for 700 reports made through the Android Chipset Security Reward Program. ACSRP is a private bug bounty program reserved only for Android chipset manufacturers.
Google paid out $4 million for 363 bugs found in Chrome and 110 in ChromeOS.
Most major tech companies have bug bounty programs as they are a great way to encourage the wider cybersecurity community to participate in strengthening the world’s most popular software.
In August 2022, Microsoft reported that it had paid out $13.7 million in rewards to 330 security researchers in 46 countries. The biggest prize, under the Hyper-V Bounty program, was $200,000, the company added, while the average prize was about $12,000.
Apple, on the other hand, said it will pay out $20 million in 2022 through its bug bounty program, with an average reward in the product category of $40,000.
Via: BleepingComputer