02-07-2014 06:29 PM
Google is so happy with its bug bounty program that it has increased the rewards given for flaw-finding and has added all of its home-grown apps and extensions for Chrome to the prize pot.
"We will broaden the scope of our vulnerability reward program to also include all Chrome apps and extensions developed and branded as 'by Google,'" said Eduardo Vela Nava and Michal Zalewski from the Google security team in a blog post.
"We think developing Chrome extensions securely is relatively easy (given our security guidelines are followed), but given that extensions like Hangouts and GMail are widely used, we want to make sure efforts to keep them secure are rewarded accordingly."
In November, Google paid an undisclosed sum to security researcher Oren Hafif after he spotted a "high impact" flaw in Gmail that allowed account hijacking. Under the new bounty program he'd probably have got the maximum $10,000 award for a serious flaw, but Google is now offering a minimum of $500 for more minor problems in its Chrome ecosystem.