
Google Pays $11.8 Million to Hackers as Critical Security Flaws Rise

In a bold move to strengthen its defenses against cyber threats, Google disbursed nearly $12 million in 2024 to over 600 security researchers worldwide for finding vulnerabilities in its products and services. This substantial bug bounty payout comes as the tech giant faces a steady stream of zero-day attacks on Android devices, frequent vulnerabilities in Chrome, and sophisticated browser syncjacking attempts.

According to a Google security blog post published on March 7 by technical writer Dirk Göhmann, the company’s bug bounty programs have evolved to meet the increasing challenge of identifying and mitigating critical security flaws. “Fewer researchers are submitting fewer, but more impactful bugs,” Göhmann noted, pointing to an 8% drop in vulnerability submissions but a 2% increase in those classified as critical or high severity. This trend underscores the enhanced security posture of Google’s ecosystem, even as the threats grow more sophisticated.

For hackers working within the legal framework, the rewards are substantial. The bug bounty programs offer generous payouts across various categories: mobile security issues can fetch up to $300,000 for critical vulnerabilities in top-tier apps, while Chrome bounties top out at $250,000. Additionally, the Cloud program offers rewards up to $151,515. The Android and Google Devices Security Reward Program, along with the Google Mobile Vulnerability Reward Program, collectively awarded more than $3.3 million in bounties over the year.

Google’s relentless focus on patching vulnerabilities is evident in its response to the 337 verified and unique Chrome vulnerabilities reported in 2024, which resulted in $3.4 million being awarded to 137 different researchers. This ongoing investment in cybersecurity not only protects billions of users but also reinforces the notion that ethical hacking is a critical component of modern digital defense.

For security researchers and bug bounty hunters, this payout represents an affirmation that hacking, when conducted legally and ethically, can be both a career and a means to significantly enhance cybersecurity. Google’s initiative is a reminder that while criminal hacking remains a serious offense, the efforts of those who expose vulnerabilities to improve security are vital—and well compensated.

As cyber threats continue to evolve, Google’s approach of incentivizing the global community of security researchers sets a powerful example. By turning potential vulnerabilities into opportunities for collaboration and innovation, the company is ensuring that its products remain resilient in an increasingly hostile digital landscape.
