6/10/2023

The wild at heart bounties

Chris Evans and Adam Mein of Google’s security team laid out the felicitous news in a blog post:

“Today, the Chromium program is raising reward levels significantly. In a nutshell, bugs previously rewarded at the $1,000 level will now be considered for reward at up to $5,000. We’ll issue higher rewards for bugs we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity. In many cases, this will be a 5x increase in reward level! We will continue to pay previously announced bonuses on top, such as those for providing a patch or finding an issue in a critical piece of open source software.”

This is the second major increase in rewards for vulnerability researchers this summer. In June, the internet giant announced that it is now paying $7,500 for turning in “significant” authentication bypasses or information leaks in the company’s web properties, up from $5,000. In addition, it more than doubled the bug bounty from $3,133.70 to $7,500 for finding cross-site scripting (XSS) flaws in sensitive web properties, and from $1,337 to $5,000 for XSS flaws in Gmail and Google Wallet. XSS issues in “normal” Google properties now yield $3,133.70, up from $500.

XSS issues are of particular concern to Google: an attacker sends a malicious link to an unsuspecting user, and if the user clicks the link, the script is executed and can access cookies, session tokens or other sensitive information retained by the browser and used with that site. XSS is employed by attackers for a range of reasons, from simply interfering with websites to launching phishing attacks, and the scripts can even rewrite the content of the HTML page.

Google has to date rewarded (and fixed) more than 2,000 security bug reports.