Good news for white hat hackers, Google is going to increase the bounty for demonstrating privilege escalation vulnerabilities in the Linux kernel.
The payouts for privilege escalation exploits using a known vulnerability will be up to US$31,337, while zero-day exploits will be awarded a payout of $50,337.
The move of tripling the bounty aims at encouraging white hat hackers in focusing their efforts on the research and fix of new Kernel exploitation techniques that are very dangerous.
“Starting today and for the next 3 months (until January 31 2022), we will pay 31,337 USD to security researchers that exploit privilege escalation in our lab environment with a patched vulnerability, and 50,337 USD to those that use a previously unpatched vulnerability, or a new exploit technique.” reads the Google announcement. “We are constantly investing in the security of the Linux Kernel because much of the internet, and Google—from the devices in our pockets, to the services running on Kubernetes in the cloud—depend on the security of it. We research its vulnerabilities and attacks, as well as study and develop its defenses.”
The IT giant allows white hat hackers and research to work using a lab environment that it has set up for the purpose. The company pointed out that the easiest exploitation primitives could not be demonstrated in this lab environment due to the hardening done on Container-Optimized OS.
Google says that this program complements Android’s VRP rewards, this means that experts that will submit exploits that work on Android could also be eligible for up to 250,000 USD (that’s in addition to this program).
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, bug bounty)
[adrotate banner=”5″]
[adrotate banner=”13″]
Ivanti addressed two Endpoint Manager Mobile (EPMM) software vulnerabilities that have been exploited in limited…
Microsoft Patch Tuesday security updates for May 2025 addressed 75 security flaws across multiple products, including…
Fortinet fixed a critical remote code execution zero-day vulnerability actively exploited in attacks targeting FortiVoice…
Interlock Ransomware 's attack on a defense contractor exposed global defense supply chain details, risking…
Marks and Spencer (M&S) confirms that threat actors stole customer data in the ransomware attack…
A 45-year-old foreign man has been arrested in Moldova for allegedly participating in ransomware attacks…
This website uses cookies.