Find notable cyber news and cases, enriched with sources, timelines, and signals.

Google overhauls Android and Chrome bug bounty programs

Commercial Activity
First reported
Last updated
Happening score
H score 0
1 unique sources, 1 articles

Summary

Hide ▲

Google overhauls its Android and Chrome vulnerability rewards programs, reshaping payout tiers for exploit research and raising top rewards to $1.5 million. The change matters because it increases incentives for the hardest zero-click and full-chain exploit work while reducing emphasis on easier-to-find flaws. Google also narrows submission expectations and Android scope to better align rewards with the most technically demanding issues.

Related Happenings

ExploitBench benchmark shows frontier AI models can stage Chrome exploit chains against vulnerable V8 builds

Technical Analysis
H score16 First: 04.06.2026 16:00 Last: 04.06.2026 16:00 Sources 1

About this happening: Bugcrowd’s **ExploitBench** now shows frontier AI models can progress through staged **Google Chrome** exploit chains, raising the risk of faster **AI-assisted exploit development...

Microsoft security patch release for CVE-2026-41089

Security Patch Release
H score43 First: 13.05.2026 00:46 Last: 13.05.2026 00:46 Sources 1

About this happening: **Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...

Android 17 expands platform security and privacy protections

Security Tool/Service
H score15 First: 12.05.2026 20:00 Last: 12.05.2026 20:00 Sources 1

About this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...

CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific

Campaign
H score34 First: 08.05.2026 18:08 Last: 08.05.2026 18:08 Sources 1

About this happening: The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...

Google expands Binary Transparency for Android for production app verification

Security Tool/Service
H score11 First: 06.05.2026 12:13 Last: 06.05.2026 12:13 Sources 1

About this happening: Google expanded **Binary Transparency for Android**, adding a public verification system that helps detect unauthorized or modified Google app binaries. The rollout covers product...

Timeline

  1. 05.05.2026 14:24 2 articles · 2mo ago

    Google raises Android and Chrome bug bounty rewards

    Initial Disclosure

    Google overhauls its Android and Chrome vulnerability rewards programs by increasing payouts for the hardest exploit scenarios and reducing emphasis on easier-to-generate writeups. The highest reward reaches $1.5 million for zero-click Pixel Titan M2 security chip full-chain exploits with persistence, while the same exploits without persistence can earn up to $750,000; Chrome full-chain browser process exploits on up-to-date operating systems and hardware can earn up to $250,000, plus a $250,128 bonus for successfully exploiting MiraclePtr-protected memory allocations. Google also shifts Chrome submissions toward concise bug proofs and essential artifacts, narrows Android focus to Linux kernel vulnerabilities in Google-maintained components unless researchers can show concrete exploitability on Android devices, and says the restructuring follows a 2025 bug bounty year that paid $17.1 million to 747 researchers, more than 40 percent above 2024.

    Show sources