Overview
- Google, which announced the revamp Tuesday, set a $1.5 million top reward for a zero-click, full‑chain Pixel Titan M2 compromise with persistence, with up to $750,000 for the same chain without persistence.
- Chrome full‑chain exploits on up‑to‑date systems now pay up to $250,000, with a $250,128 bonus for breaking into memory protected by MiraclePtr, a Chrome defense meant to block use‑after‑free bugs.
- Android’s program narrows to Linux kernel issues in Google‑maintained components unless a report proves the bug can be exploited on real Android devices.
- Chrome submissions should now focus on concise proofs and essential artifacts rather than long write‑ups, reflecting Google’s view that AI can generate lengthy analyses on its own.
- Google is releasing new Chrome research builds to demonstrate memory access and information leaks and will add FAQ guidance, with extra incentives for reports that include concrete patch proposals.