Google will now pay up to $1.5 million for finding Android and Chrome security bugs

• Google raised rewards to $1.5m for top‑tier Android exploits, prioritizing risks beyond AI‑detectable flaws
• Chrome’s program now offers up to $250K for full chain browser exploits, plus bonuses for Miracle Ptr bypasses
• The company paid $17.1m to researchers in 2025, with lifetime payouts exceeding $81m since 2010

Google is now offering up to $1.5 million in bounty to whoever can find the biggest, baddest, Android exploits – whereas “lesser” exploits – ones that can be found and reported on with AI, are getting a proportional downgrade.

Google’s engineers announced changes to the company’s Android and Chrome vulnerability rewards programs, saying they will now reward up to $1.5 million to anyone who can find a zero-click full chain Pixel Titan M2 compromise with persistence. Those that find the same bug, sans the persistence part, can expect up to $750,000 in rewards.

“We are revising our program scope to emphasize categories that represent the highest risk to our users,” Google said. “We are also prioritizing categories that remain more challenging for automated AI tooling to find to ensure we reward researchers for their unique skills and talents.”

Article continues below

Overhauling the Chrome program

Going forward, the Android program will also be more focused on Linux kernel vulnerabilities in components that Google maintains, with the exception of researchers being able to show the flaws could be exploited on an Android device.

Chrome’s bounty program has also gotten an overhaul. Google is now giving up to $250,000 for full chain browser process exploits on the latest operating systems and hardware, and up to $250,128 bonus for a report that successfully exploits an allocation it believes to be protected by Miracle Ptr.

Google’s bug bounty program has paid out record sums last year, BleepingComputer reports. Apparently, it gave $17.1 million to 747 researchers last year, up more than 40% year-on-year, and hitting an all-time high.

In total, since the program started in 2010, Google has paid out more than $81 million and expects that the total amount for 2026 will be higher despite reducing individual reward amounts.

Via BleepingComputer

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.