According to SecurityWeek, as part of a more robust vulnerability bounty program, Google will pay out higher rewards of up to $250,000 for the discovery of memory corruption flaws in the Chrome browser that are proven to allow remote code execution using a non-sandboxed process.
Google said additional bounties could also be made available for proof-of-concept code that enables RCE without affecting the renderer. The company is also offering up to $90,000 and up to $35,000 for reports of vulnerabilities that could allow controlled writing in a non-sandboxed process and memory corruption, respectively. Google has also increased the bounties for reports showing RCE in a highly privileged process and in a sandboxed process to up to $85,000 and up to $55,000, respectively, although the base bounties for memory corruption have been maintained to encourage further investigation into discovered vulnerabilities.
The increased VRP for Chrome also includes a $250,128 reward for bypassing MiraclePtr bugs. The previous reward was $100,115.