"Google Temporarily Offering $180,000 for Full Chain Chrome Exploit"

Google recently announced significantly higher bug bounty rewards for vulnerability reports containing full chain exploits leading to a sandbox escape in Chrome.  Until December 1, 2023, the first report to contain a full chain exploit leading to a Chrome sandbox escape, Google says, may receive up to $180,000, or even more if cumulated with other bonuses, which is triple the current reward amount.  Google noted that subsequent full chain exploits that are submitted during the timeframe may receive up to $120,000, which is double the current reward amount.  All reports should be submitted through the Chrome vulnerability rewards program.  According to Google, interested researchers may submit the vulnerability report in advance but need to provide a functional exploit by December 1 to be eligible for the increased rewards.  The first functional full chain exploit submitted during the timeframe, which demonstrates attacker control or code execution outside the Chrome sandbox, is eligible for the triple reward amount.  Google noted that the exploit chain should be performed remotely and require no or very limited user interaction.  Furthermore, it should target an active Chrome release channel at the time of the initial reports of the bugs in that chain.  Exploits targeting publicly disclosed bugs in past versions of Chrome are not eligible for the reward.

SecurityWeek reports: "Google Temporarily Offering $180,000 for Full Chain Chrome Exploit"