Google is making major changes to its Android and Chrome vulnerability rewards programs, increasing payouts for highly advanced exploits while reducing rewards for bugs that artificial intelligence has made easier to discover.
The company says the highest payout now reaches $1.5 million for zero-click full-chain exploits targeting the Pixel Titan M2 security chip with persistence, one of the most difficult attack scenarios in its program. Similar exploits without persistence can earn researchers up to $750,000.
Google is also increasing rewards for complex Chrome attacks. Researchers who successfully demonstrate full-chain browser process exploits on fully updated systems and hardware can now receive up to $250,000. The company is also offering an additional $250,128 bonus for exploits involving MiraclePtr-protected memory allocations.
According to Google, the updated program is designed to focus more on technically challenging and high-impact vulnerabilities that remain difficult to discover and exploit.
The company is also changing how security reports are submitted. For Chrome vulnerabilities, Google now wants shorter reports that mainly include proof of the bug and essential technical details instead of long written analyses. The company said AI tools can now generate detailed reports automatically, while Google’s own internal systems can already help explain bugs and suggest fixes.
On the Android side, Google says the rewards program will now focus mainly on Linux kernel vulnerabilities affecting Google-maintained components unless researchers can clearly prove that a flaw is exploitable on Android devices.
The restructuring comes after Google’s biggest bug bounty year so far. In 2025, the company paid $17.1 million to 747 security researchers, marking a more than 40 percent increase compared to 2024 and setting a new record for the program.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Since launching its vulnerability rewards initiative in 2010, Google says it has paid more than $81.6 million to researchers worldwide. The company also expects total payouts in 2026 to increase further, even as some individual reward categories are reduced.
