LINUX: Google has doubled the awards

Feb 27, 2022 - 20:39
 26
LINUX: Google has doubled the awards

Google has raised the prize fund for Linux Kernel, Kubernetes, Google Kubernetes Engine (GKE), and kCTF vulnerability reports. These are additional incentive bonuses tied to "zero-day" defects and exploits of various kinds via novel ways.

"We have raised our prizes because we know that in order to draw community attention, we must align our awards with their expectations. We consider the expansion to be a success and intend to extend it at least until the end of the year "Eduardo Vela of Google Vulnerability Matchmaker explained.

Although it was revealed last November that reports of significant vulnerabilities would be rewarded up to $ 50,337, depending on severity, Google has now boosted the maximum payment to $ 91,337. That's nearly double.

However, obtaining the most money for exploitation is contingent on a number of factors, including whether the defects are "zero-day" or unknown without a security patch, whether they don't require unprivileged user namespaces, and whether they use novel exploitation techniques.

Each comes with a $ 20,000 bonus, bringing the total value of the first valid report to $ 91,337.

While Google will not pay for multiple exploits of the same security problem, it has stated that bonuses for new exploitation techniques will continue to apply, which means those implicated might still receive $ 20,000 for duplicates.

As of November, Google had paid more than $ 175,000 for nine distinct reports, three of which had already been corrected, CVE-2021-4154, CVE-2021-22600, and CVE-2022-0185.

Since launching its first VRP more than a decade ago, Google has compensated more than 2,000 security experts from 84 different countries for reporting about 11,000 defects, according to a July 2021 announcement.

Since the Chromium Vulnerability Reward Program's inception in January 2010, people involved have earned moreover $ 29 million, according to Google.

In addition, the 2021 Vulnerability Rewards Program report shows that a record $ 8.7 million has been given, including the greatest compensation in Android VRP history - the exploit chain of $ 157,000.

Gmail gets redesigned

Google has decided to rebuild Gmail, and when it is released, it will feature numerous alternatives within a single template. So, not only will it get a new design in the spring, but several of the current settings and services will also change.

For example, while browsing the email, Google Workspace applications will be used in a different way. It will also update the way you navigate main Gmail features like Chat and Meet. It will now be in one "place" from now on, which means improved visibility and an overall easier method to use it.

Google began rolling out an update for personal and domain users in February, and the change should be available to all Gmail users by April. Gmail users may expect to see notification bubbles for various services, and those linked to messages will be able to answer in a pop-up window.

Whether the panel is open or closed, Google Apps will be available in the drop-down menu. Furthermore, you will no longer need to switch between tabs or open new windows in order to join meetings or use other features.

Although this will become the default user view in April, the old layout will be available for a limited time until June, after which it will no longer be available and all new features will be standard. With the exception of Google Workspace Essentials users, the move affects Gmail users with personal and corporate accounts.

It appears to be the most significant alteration in the five or more years since Google established its present appearance. Which still appears to be new and fresh. Given the universality of applications, Google, like its competitors, is looking for ways to offer a consistent experience across all devices. This is totally understandable, and one can only hope that the adjustments are actually a step forward.