"Google awarded just over $3.7 million to more than 100 researchers who reported security defects in the Chrome browser. The top researcher earned $811,000 in bug bounties, the company's leaderboard shows. These efforts, the company says, helped strengthen the V8 engine's sandbox protections and improve memory safety mechanisms."
"More than 700 security researchers were rewarded via Google's vulnerability reward programs (VRPs) in 2025, when rewards of $250,000 were handed out to researchers who demonstrated full-chain sandbox escape attacks in Chrome. The 2025 amount marked a 40% increase in payouts compared to the previous year, when Google paid out $12 million to bug hunters."
"Our researchers' invaluable contributions led to the discovery and remediation of critical vulnerabilities, strengthening the security of Google Cloud for our users and customers. Insights gleaned from multiple reports prompted significant architectural changes in several Google Cloud products. Participants in Google's VRPs also showed increased interest in the company's cloud products and received over $3.5 million in bug bounties for their efforts."
Google's bug bounty programs paid out $17.1 million in 2025, representing a 40% increase from the previous year's $12 million. Over 700 security researchers participated, with rewards distributed across Chrome, Cloud, and Android platforms. Chrome received the largest allocation at $3.7 million across 100+ researchers, with the top researcher earning $811,000. The newly launched Cloud VRP distributed $3.5 million to 143 researchers for discovering vulnerabilities in Google Cloud services. Android and Google Devices programs awarded $2.9 million. These contributions strengthened V8 sandbox protections, improved memory safety mechanisms, and prompted architectural changes in cloud products. The cumulative payout over 15 years totals $81.6 million.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]