Google offers bounty for Chrome vulnerabilities

Google is offering security researchers a cash reward for finding flaws in its Chrome web browser.

The company said that it would be doling out payments ranging from US$500 ($569) to US$1337 ($1521) to developers who find and directly report security holes in the browser.

The US$1337 amount is an apparent homage to the hacker term '1337' (pronounced "elite".)

The payment system will apply to flaws in the Chromium open source project along with the Chrome browser and bundled components such as Google Gears.

In unveiling the campaign on the official Chromium blog, Google Chrome security team member Chris Evans said that the company was looking to bring more third party researchers into its midst.

"Some of the most interesting security bugs we've fixed have been reported by researchers external to the Chromium project," he wrote.

"Thanks to the collaborative efforts of these people and others, Chromium security is stronger and our users are safer."

Paying vendors for disclosure of flaws has been a tactic used by both developers and security vendors to encourage not only research, but responsible disclosure.

Firms hope that by offering cash rewards, researchers will report flaws to those who will patch them rather than malware writers who pay for new vulnerabilities to exploit.