Home > Cyber News > Google Is Now Paying $1.5M for Full Chain RCE Exploit

Google Is Now Paying $1.5M for Full Chain RCE Exploit

Great news for bug bounty hunters – Google has announced that its Android Security Rewards (ASR) program is increasing its payouts. The highest bounty is now $1.5 million.

Did you know? The Android Security Rewards (ASR) program was created in 2015 to reward researchers who discover and report security bugs in Android. Over the past 4 years, Google has awarded more than 1,800 reports.
The total amount of rewards is four million dollars.

Google Is Expanding Its Android Security Rewards Program

The tech giant is now expanding the ASR program, and is introducing “a top prize of $1 million” which would be given to a researcher who discovers a full chain remote code execution exploit with persistence against the Titan M component on Pixel Devices. In addition, Google is launching another program that offers 50% bonus for exploits in specific developer preview Android versions.

This makes the top prize $1.5 million, the official announcement said.

Related: [wplinkpreview url=”https://sensorstechforum.com/unpatched-android-zero-day-disclosed/”] Researchers Disclose Unpatched Android Zero-Day

Google has also added several other categories of exploits to ASR, including data exfiltration and lockscreen bypass exploits, which will be paid up to $500,000 according to the category.

The biggest payout so far has been given to Guang Gong of Alpha Lab, Qihoo 360 Technology, for a 1-click remote code execution exploit chain on the Pixel 3 device. The researcher received $161,337 from the ASR program, and $40,000 by Chrome Rewards Program. In total, Gong received a payment of $201,337, which is the highest reward for a single exploit chain across all Google VRP programs.

The changes in the bug bounty program are valid from November 21, and any reports submitted prior to this date will be evaluated according to the previous pay list.

Just last month, an unpatched Android bug was disclosed by Google Project Zero researcher Maddie Stone. Owners of Huawei, Xiaomi, Samsung, LG and Google phones are affected by the flaw, described as a use-after-free memory condition in the Android Binder component, which can result in escalation of privileges.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree