Google overhauls Android and Chrome bug bounty programs
Commercial Activity
Summary
Google overhauls its Android and Chrome vulnerability rewards programs, reshaping payout tiers for exploit research and raising top rewards to $1.5 million. The change matters because it increases incentives for the hardest zero-click and full-chain exploit work while reducing emphasis on easier-to-find flaws. Google also narrows submission expectations and Android scope to better align rewards with the most technically demanding issues.
Related Happenings
Microsoft security patch release for CVE-2026-41089
Security Patch Release
First: 13.05.2026 00:46
Last: 13.05.2026 00:46
Sources 1
About this happening:
**Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...
Android 17 expands platform security and privacy protections
Security Tool/Service
First: 12.05.2026 20:00
Last: 12.05.2026 20:00
Sources 1
About this happening:
**Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
Campaign
First: 08.05.2026 18:08
Last: 08.05.2026 18:08
Sources 1
About this happening:
The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
Google expands Binary Transparency for Android for production app verification
Security Tool/Service
First: 06.05.2026 12:13
Last: 06.05.2026 12:13
Sources 1
About this happening:
Google expanded **Binary Transparency for Android**, adding a public verification system that helps detect unauthorized or modified Google app binaries. The rollout covers product...
Google expands Gemini AI for malicious ad blocking on Google Ads
Security Tool/Service
First: 16.04.2026 18:24
Last: 16.04.2026 18:24
Sources 1
About this happening:
**Google** expanded **Gemini AI** use across its ad platforms to detect and block **malicious ads** in real time, reducing scam and malvertising exposure at scale. The move matter...
Timeline
- 05.05.2026 14:24 · 2 articles · 22d ago
Google raises Android and Chrome bug bounty rewards
Initial Disclosure
Google overhauls its Android and Chrome vulnerability rewards programs by increasing payouts for the hardest exploit scenarios and reducing emphasis on easier-to-generate writeups. The highest reward reaches $1.5 million for zero-click Pixel Titan M2 security chip full-chain exploits with persistence, while the same exploits without persistence can earn up to $750,000; Chrome full-chain browser process exploits on up-to-date operating systems and hardware can earn up to $250,000, plus a $250,128 bonus for successfully exploiting MiraclePtr-protected memory allocations. Google also shifts Chrome submissions toward concise bug proofs and essential artifacts, narrows Android focus to Linux kernel vulnerabilities in Google-maintained components unless researchers can show concrete exploitability on Android devices, and says the restructuring follows a 2025 bug bounty year that paid $17.1 million to 747 researchers, more than 40 percent above 2024.
- Google now offers up to $1.5 million for some Android exploits — www.bleepingcomputer.com — 05.05.2026 14:24