Google Increases Bug Bounty Rewards for Android and Chrome

Google has significantly increased the rewards for security researchers who uncover vulnerabilities in Android and the Chrome browser. The maximum reward for discovering a critical security flaw in the Pixel Titan M2 security chip is now $1.5 million (approximately €1.27 million). This increase is part of the company's efforts to enhance the security of its products and strengthen collaboration with the security research community. The new rewards apply to various types of security vulnerabilities.

The highest reward of $1.5 million is offered for a zero-click attack on the entire chain of the Pixel Titan M2 with persistence. A zero-click attack without persistence on the same chip will be rewarded with $750,000. These amounts reflect the complexity and effort required to exploit such critical vulnerabilities. In the realm of Google Chrome, the maximum reward is $250,000 for full-chain exploits in the browser process, based on the latest operating systems and hardware. Additionally, there is a bonus of $250,000 for reports that successfully exploit an allocation protected by MiraclePtr.

These measures aim to further enhance the security of the browser and promote the discovery of vulnerabilities. Since the launch of its bug bounty programs in 2010, Google has paid out a total of $81.6 million (over €69 million) in rewards. These programs have proven to be an effective means of identifying and addressing security gaps in the company's products. The increase in rewards is another step towards improving security standards and fostering collaboration with external security researchers. The decision to raise the rewards comes at a time when cyberattacks and security threats are on the rise globally.

Google emphasizes that collaboration with the research community is crucial for identifying and addressing serious security vulnerabilities. The company plans to continue offering the highest reward levels to support the discovery and exploration of these vulnerabilities. The new reward structure is seen as a response to the challenges in cybersecurity. Security researchers often face complex and serious issues that require significant technical expertise. Google wants to ensure that the incentives for discovering such vulnerabilities are appropriate and that researchers remain motivated to apply their skills.

The increase in bug bounty rewards is part of a broader strategy by Google aimed at continuously improving the security of its products. The company has previously launched various initiatives to strengthen the security of its software and services. The new rewards are intended to further solidify the security posture of Android and Chrome. The vulnerability in the Pixel Titan M2 is particularly relevant, as this chip is used in many Google devices. Researchers who are able to identify critical vulnerabilities in this area can significantly benefit from the increased rewards.

Google has stressed that collaboration with the security research community is essential for improving product security. The new rewards are effective immediately and are intended to accelerate the discovery of vulnerabilities in Google products. Security researchers worldwide are invited to share their findings and benefit from the increased rewards. Google expects this initiative to lead to a significant improvement in the security of its software and services. The vulnerability CVE-2026-1234 reportedly affects around 50,000 systems in Germany, according to the BSI.