Google has decided to increase the rewards of its bug bounty program significantly, according to a recent blog post by members of the tech giant's security team.
Any cross-site scripting (XSS) flaws found in accounts.google.com are now worth $7,500 (previously $3,133.70), and now any Gmail and Google Wallet bugs will fetch up to $5,000, up from $1,337. For any information regarding significant authentication bypasses/information leaks, the top reward has increased from $5,000 to $7,500.
Remote code execution vulnerabilities and SQL injection flaws still offer the biggest reward in Google's bug bounty program.
According to the blog post by Adam Mein and Michal Zalewski, members of Google's security team, the company's vulnerability reward program has paid $828,000 to more than 250 individuals.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
