In 2021, Google paid total $8.7m to security researchers for finding loopholes in their service

In 2021, Google paid a record amount to a security researcher who found a loophole in their ecosystem. Through the Vulnerability Reward Program (VRP), the tech giant paid a total of $8.7 million last year to 696 researchers in 62 countries.

Dividing the totals as noted in the new Google blog reveals that 119 researchers who found bugs in the Android program were rewarded, and 115 participants who found vulnerabilities in Chrome took home their prize money.

Researchers who receive other rewards have found security holes in Google services such as Cloud and Google Play. In 2021, they awarded more than $200,000 in grants to more than 120 security researchers worldwide.

The milestone also led to new records for the VRP of Google services. Android VRP, for instance, saw the highest payout in its history, with an exploit chain in Android receiving a reward of $157,000. The total amount offered as rewards to Android security researchers was close to $3 million. Similarly, Chrome security researchers took home $3.3 million in VRP rewards, the highest in the program’s history.

Google mentioned in the blog that the winning researchers donated over $300,000 of their rewards to charity. The company is yet to give out an “industry-leading prize” of $1,500,000 for a compromise of its Titan-M Security chip used in the Pixel phones.

In its blog, the company also noted the launch of its Bug Hunters portal in 2021. The public researcher portal is meant to enable an easier bug submission for researchers across its VRPs, whether Google, Android, Abuse, Chrome or Google Play. The portal does so by using a single intake form for all bug submissions.