Google adds their Chrome apps and extensions to bug bounty

Google adds their Chrome apps and extensions to bug bounty: Google has expanded the scope of their bug bounty program to include Google-created apps and extensions for Chrome.

At the same time the company increased “substantially” the rewards they pay out as part of their Patch Rewards program. This program pays out rewards for fixes to vulnerabilities in a set of significant open source projects, such as the Linux kernel, OpenSSL, Sendmail and libxml2.

The Vulnerability Reward Program, Google’s main bug bounty, will now accept vulnerability submissions for Chrome apps and extensions developed and branded as “by Google.” Google says developing such apps and extensions securely is relatively easy, especially if you follow their security guidelines, but these apps and extensions are popular and important enough that they receive a high level of scrutiny.

The reward levels will range from $500 to $10,000 and you may make submissions at goo.gl/vulnz.