In 2025, Google rewarded over $17.1 million in bug bounties to security researchers, the highest amount it has ever paid.
Last year, Google rewarded a total of 747 developers and security researchers for their vulnerability and bug discoveries. The highest individual bounty amounted to $250,000.
The Android and Google Devices Security Reward Program, one of the Vulnerability Reward Program’s subcategories, awarded over $2.9 million to external researchers. One developer, named “lovepink,” submitted a report on a critical firmware breakthrough to glowing reviews.
“This finding was a masterclass in research, bypassing multiple defense-in-depth layers to compromise the kernel from the GPU, a reminder that as we harden the OS, the battleground shifts deeper into the silicon,” Google said in its Bug Hunters blog post.
In the Chrome subcategory, Google rewarded participants a total of $3,716,750, which was divided among 100 different reporters. While improvements have reduced the number of reported sandbox escapes, two developers managed to find logic bugs in Chrome’s IPC mechanisms with demonstrated exploitation. These discoveries led to rewards of $250,000.
Google’s Cloud Vulnerability Reward Program, which was launched in October 2024 to improve Google Cloud, awarded a total of $3,574,399 in rewards to 143 different researchers. Combined, they submitted 1,774 reports.
Have thoughts about this topic? Others do, too. Join them in the discussion.
Last year, Google initiated a bug bounty program for its AI products. Since October 2025, the company has rewarded over $350,000 in bug bounties for this category, bringing the company’s AI reward total over $890,000.
“In 2026, we remain fully committed to fostering collaboration, innovation, and transparency with the security community. In this spirit, we’d like to extend a huge thank you to our bug hunter community for helping us make Google products and platforms more safe and secure for our users around the world,” Google concludes.
Google’s Vulnerability Reward Program offers financial rewards to developers and security researchers who discover software bugs in Google's products and platforms and report them to Google.
The Vulnerability Reward Program has been around since 2010 and has since rewarded participants with well over $81.6 million.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked