Google has decided to increase the rewards of its bug bounty program significantly, according to a recent blog post by members of the tech giant's security team.
Any cross-site scripting (XSS) flaws found in accounts.google.com are now worth $7,500 (previously $3,133.70), and now any Gmail and Google Wallet bugs will fetch up to $5,000, up from $1,337. For any information regarding significant authentication bypasses/information leaks, the top reward has increased from $5,000 to $7,500.
Remote code execution vulnerabilities and SQL injection flaws still offer the biggest reward in Google's bug bounty program.
According to the blog post by Adam Mein and Michal Zalewski, members of Google's security team, the company's vulnerability reward program has paid $828,000 to more than 250 individuals.
_(28).jpg&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0){kind=logo}
_(33).jpg&h=140&w=231&c=1&s=0)
iTnews Benchmark Awards 2026
iTnews Executive Retreat - Security Leaders Edition
iTnews Cloud Covered Breakfast Summit
The 2026 iAwards
_(1).jpg&h=140&w=231&c=1&s=0)
