Somebody made some huge cash discovering vulnerabilities in Google merchandise in 2022, the corporate has revealed.

The search engine big just lately disclosed the outcomes of its Vulnerability Reward Program, a bug bounty marketing campaign that rewards moral hackers who uncover main flaws in its merchandise and disclose them responsibly as a substitute of giving hackers a chance to abuse them with malware (opens in new tab). 

In complete, the corporate paid out greater than $12 million for roughly 2,900 vulnerabilities over the course of 2022.

Flaws in Android, Chrome, and ChromeOS

One distinctive report stands out in Google’s report – a hacker found an exploit chain, involving 5 separate vulnerabilities in Android – CVE-2022-20427, CVE-2022-20428, CVE-2022-20454, CVE-2022-20459, CVE-2022-20460. Google determined the exploit chain warranted a $605,000 reward. 

The one that found the exploit chain goes by the alias gzobqq, BleepingComputer reported, including that the identical individual earned $157,000 in 2021, as properly, for a essential exploit chain in Android. Each these exploit chains had been the very best bug bounty in Android at their respective instances. 

Taking a look at Android particularly, final yr Google paid out $4.eight million in rewards. The three most energetic hackers reported 200, 150, and 100 bugs, respectively.

Moreover, the corporate paid out nearly $500,000 for 700 stories completed by means of the Android Chipset Safety Reward Program. ACSRP is a personal bug bounty program reserved just for Android chipset producers. 

For 363 flaws found in Chrome, and 110 in ChromeOS, Google paid out $Four million.

Most main tech firms function bug bounty applications, as they’re an effective way to incentivize the broader cybersecurity neighborhood to take part within the strengthening of the world’s hottest software program. 

In August 2022, Microsoft reported paying out $13.7 million in rewards, to 330 safety researchers throughout 46 nations. The most important award, below the Hyper-V Bounty Program, was $200,000, the corporate added, whereas the typical award was roughly $12,000.

Apple, then again, mentioned it paid out $20 million through its bug bounty program in 2022, with the typical reward within the product class being $40,000.

• Listed here are the perfect firewalls (opens in new tab) in the present day

By way of: BleepingComputer (opens in new tab)