Google paid nearly $12 million in bug bounty rewards to 660 security researchers in 2024 through its Vulnerability Reward Program (VRP).
Among the key updates, Google raised its maximum VRP reward to $151,515, while its Mobile VRP now offers up to $300,000 for critical vulnerabilities in top-tier apps, with exceptional reports reaching up to $450,000. The Cloud VRP also saw a major boost, with top-tier rewards increasing by up to five times. Meanwhile, bug bounties for Chrome security vulnerabilities now exceed $250,000.
A notable highlight was the doubling of rewards for MiraclePtr bypasses, jumping from $100,115 to $250,128. Google also introduced the kvmCTF program in October 2023, offering up to $250,000 for full VM escape exploits targeting the Kernel-based Virtual Machine (KVM) hypervisor.
Since launching its VRP in 2010, Google has awarded $65 million in bug bounties. In 2024 alone, the company distributed $3.4 million for Chrome security reports and over $3.3 million for Android and Google device security research. As Google prepares to celebrate 15 years of its VRP in 2025, it remains committed to enhancing security through collaboration and innovation.
