According to SecurityWeek, as part of a more robust vulnerability bounty program, Google will pay out higher rewards of up to $250,000 for the discovery of memory corruption flaws in the Chrome browser that are proven to allow remote code execution using a non-sandboxed process.
Google said additional bounties could also be provided for proof-of-concept code that enables RCE without impacting the renderer, and the company is offering up to $90,000 and up to $35,000 for reports of security flaws that could enable controlled writing in a non-sandboxed process or memory corruption, respectively.
Google also increased the rewards for reports demonstrating RCE in a high-privilege process and for reports demonstrating RCE in a sandboxed process to up to $85,000 and $55,000, respectively, although the base rewards for memory corruption were retained to encourage further research into discovered flaws.
The increased VRP for Chrome also includes a $250,128 reward for bypassing MiraclePtr bugs. The previous reward was $100,115.