Skip to main content

Microsoft and Google paying more than ever for bugs found in their systems

google microsoft increase payouts in bug bounty programs
Jean Marconi/Flickr
If you’re a coder or other highly technical sort who can dig into a system and find bugs, then you can turn that skill into some cash. Developers big and small, including major players like Google and Microsoft, have programs that will pay you real money for discovering flaws and vulnerabilities in their systems.

Both Google and Microsoft recently decided to up ante in their bounty programs, jacking up the amount they pay people for finding bugs. Google made the first increase, and then Microsoft literally doubled down on its own program, as FossBeta reports.

Google increased its largest award level to $31,337 for anyone identifying a remote code execution vulnerability. That’s a more than 50 percent increase from the previous cap of $20,000. Unrestricted file system or database access bugs can bring the successful bounty hunter between $10,000 and $13,337.

Google Application Security Blog
Google Application Security Blog

Google’s bounty program pays out for vulnerabilities discovered in various Google properties such as Google Search, the Chrome web store, Google play, and more. Some of the specific bugs that Google is looking for are command injections, deserialization flaws, and sandbox escapes.

Microsoft is looking for cross site-scripting, cross-site request forgery, and a variety of other flaws in its systems. The company has recently suffered some zero-day bugs identified and publicized by the Google Zero program before it could fix them, which might be part of the reason why Microsoft doubled its bug bounty from $15,000 to $30,000.

Security is big business, as is cybercrime. Hackers can make tons of money exploiting systems and then selling the private information they’re able to steal, and bug bounty programs like Google’s and Microsoft’s help even the playing field.

Editors' Recommendations

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Google Chrome extensions are failing, and $8,000 is on the table for a fix
A mouse pointer hovering over the CrankWheel Chrome Eextension.

There seems to be some mysterious problem affecting certain Chrome extensions, but it's intermittent enough that it hasn't yet been solved. The problem is annoying enough that one developer has posted two $4,000 bug bounties and created an Upwork job listing that pays up to $150 per hour. These incentives might inspire others to help track down and fix the bug.

First spotted by TechRadar and described in detail in a blog post written by Jói Sigurdsson, founder and CEO of the CrankWheel screen-sharing extension for the Google Chrome browser, the bug is related to a failure to trigger an action when the extension's icon is clicked on the toolbar. Since this is frequently how an extension is used, it's a crippling error. Unfortunately, the problem is difficult to recreate and is estimated to impact only 3% to 5% of those that have affected extensions installed.

Read more
Update Google Chrome now to protect yourself from an urgent security bug
Google Chrome app on s8 screen.

Google posted a security update for its Chrome browser that fixes what's known as a zero-day bug. The problem affects Chrome on Windows, Mac, and Android. The flaw can lead to arbitrary code execution, a serious security vulnerability, so it's best to download and install the latest version immediately. Zero-day bugs mean that this is a known weakness and, in this case, Google said that the flaw is already being exploited by hackers.

Google did not post a detailed explanation of how the exploit works, but will do so when the majority of people have updated, making the danger of further attacks less severe. The most severe bug is identified as CVE-2022-2294 and the update also patches CVE-2022-2295 and CVE-2022-2296.

Read more
Why I still use Microsoft’s Office suite instead of Google’s free options
Computer user touching on Microsoft word icon to open the program.

You can find all sorts of comparisons if you search the internet for Microsoft Office versus Google apps. And these side-by-side comparisons are helpful if you’re deciding between the two productivity suites. If it comes to cost, many simply find Google’s free apps like Docs, Sheets, and Slides the obvious choice. 

But if you’re like me and use these types of applications many, many times per day, or even for running a small business, you have to look at more than the price tag.

Read more