Good news for white hat hackers, Google is going to increase the bounty for demonstrating privilege escalation vulnerabilities in the Linux kernel.
The payouts for privilege escalation exploits using a known vulnerability will be up to US$31,337, while zero-day exploits will be awarded a payout of $50,337.
The move of tripling the bounty aims at encouraging white hat hackers in focusing their efforts on the research and fix of new Kernel exploitation techniques that are very dangerous.
“Starting today and for the next 3 months (until January 31 2022), we will pay 31,337 USD to security researchers that exploit privilege escalation in our lab environment with a patched vulnerability, and 50,337 USD to those that use a previously unpatched vulnerability, or a new exploit technique.” reads the Google announcement. “We are constantly investing in the security of the Linux Kernel because much of the internet, and Google—from the devices in our pockets, to the services running on Kubernetes in the cloud—depend on the security of it. We research its vulnerabilities and attacks, as well as study and develop its defenses.”
The IT giant allows white hat hackers and research to work using a lab environment that it has set up for the purpose. The company pointed out that the easiest exploitation primitives could not be demonstrated in this lab environment due to the hardening done on Container-Optimized OS.
Google says that this program complements Android’s VRP rewards, this means that experts that will submit exploits that work on Android could also be eligible for up to 250,000 USD (that’s in addition to this program).
(SecurityAffairs – hacking, bug bounty)