Google has recently announced the expansion of its payment program rewards for identifying vulnerabilities in the Android platform, Chrome browser, and underlying components. The maximum award for creating an exploit for the Android platform has been increased to $1.5 million if the attacker manages to gain a foothold in the system, and $750 thousand for attacks that do not establish permanent control. Additionally, awards have been established for the extraction of protected confidential data (up to $375 thousand) and software bypass of the lock screen (up to $150 thousand).
For Chrome, the maximum reward for creating an exploit has been increased to $250 thousand. A bonus of $250 thousand is provided if the exploitation affects memory operations protected using the MiraclePtr mechanism. MiraclePtr provides a pointer wrapper that performs additional checks and crashes if freed memory is detected.
Google is also offering bonuses for Chrome vulnerabilities such as up to $10 thousand for bypassing isolation between sites or JavaScript access control (XSS), up to $5,000 for bypassing storage restrictions, exploiting the rendering process, extracting user information, and spoofing URLs in the address bar. Additionally, for Chrome OS-specific vulnerabilities, bonuses of up to $30,000 have been established, plus $10,000 for developing a fix.