Google has made a significant update to its reward program for researchers who identify security vulnerabilities in Android and Chrome platforms. The company announced that it has increased the bounty amount it offers for the most critical Android vulnerabilities to 1.5 million dollars.

This new regulation brings about a proportionate decrease in the reward amounts, especially for simpler vulnerabilities that can be easily detected by artificial intelligence tools. Google is focusing on high-risk categories that are difficult to find with artificial intelligence in order to reward the unique talents of researchers.

New Rewards Criteria for Android and Chrome

Under the new program, researchers who find a full-chain Pixel Titan M2 vulnerability that works with zero clicks and provides persistence can win up to $1.5 million. It is planned to pay up to $750,000 for similar vulnerabilities that do not have a permanent feature.

The Android program now focuses more on Linux kernel vulnerabilities managed by Google. One of the basic requirements is for researchers to prove that these vulnerabilities can be used on an Android device.

On the Chrome side, bounties of up to $250,000 are offered for full-chain exploits targeting browser processes. Additionally, additional bonuses of up to $250,128 are paid for reports that successfully exploit an area thought to be protected by Miracle Ptr.

Record Payments and Future Goals

Last year, Google paid a total of $17.1 million to 747 researchers, reaching the highest annual amount ever. This figure represents an increase of over 40 percent compared to the previous year.

The company has paid over $81 million in total to security researchers since 2010. Although individual reward amounts have been reduced in some categories, Google predicts that the total payment amount in 2026 will be higher.

What do you think about Google’s new reward strategy for security vulnerabilities?