In a significant move to enhance cybersecurity measures, Google announced a substantial $17.1 million payout through its bug bounty programs in 2025. This marked a notable elevation from the previous year’s $12 million, reflecting a 40% increase in rewards distributed to vigilant security researchers.
Expanding Rewards for Chrome Vulnerabilities
Throughout 2025, over 700 security experts were acknowledged for their contributions to Google’s vulnerability programs. Among these, a remarkable $3.7 million was allocated to more than 100 researchers who identified security flaws in the Chrome browser. The leading researcher in this category alone secured $811,000, underscoring Google’s commitment to bolstering browser security.
These initiatives have notably reinforced the V8 engine’s sandbox protections and enhanced memory safety features, showcasing Google’s proactive approach to securing its platforms.
Cloud Security Gains Prominence
Google’s cloud services also witnessed increased scrutiny from the security community, with researchers earning over $3.5 million in bounties. Launched in October 2024, the Cloud Vulnerability Reward Program (VRP) processed 1,774 security reports in its inaugural full year, rewarding 143 researchers for their essential findings.
The insights derived from these reports prompted crucial architectural modifications across several Google Cloud products, significantly enhancing their security framework.
Focus on Android and AI Security
The Android and Google Devices security reward program saw over $2.9 million awarded to researchers uncovering critical and high-severity vulnerabilities. This occurred in the context of ongoing investments in platform hardening, including the adoption of memory-safe languages and hardware defenses.
Moreover, Google’s AI and Abuse VRPs distributed $890,000 and $482,000 respectively, emphasizing the company’s dedication to safeguarding its diverse technological ecosystem. Further, the OSS VRP program contributed over $327,000, highlighting the expansive scope of Google’s security initiatives.
Google remains steadfast in its objective to preempt emerging threats and bolster the security of its offerings, ensuring a collaborative effort with the global research community continues to thrive.
