Bug collecting can be quite the lucrative hobby, provided they're of the software variety. Google routinely pays out three-, four-, and sometimes five-figure bounties to bug hunters who find and report vulnerabilities in the company's Chrome browser, but yesterday, it took the unusual step of paying a pair of software gurus $5,000 for reporting an issue in Windows.
"Occasionally, we issue special rewards for bugs outside of Chrome, particularly where the bug is very severe and/or we are able to partially work around the issue," Google's Chrome team stated in a blog post.
Eetu Luodemaa and Joni Vähämäki from independent software vendor (ISV) Documill were the recipients of the $5,000 award, which tied for the second largest sum awarded in this round of bug bounties. They discovered a kernel memory corruption issue in Windows.
Bug bounty rockstar Sergey Glazunov also received $5,000 for a single bug discovery, along with a $10,000 bounty for rooting out a cross-site scripting vulnerability in Chrome that, if left unchecked, it would have allowed remote attackers to inject arbitrary web script or HTML code.
Google paid out $29,500 in all for this round of bug hunting focused on vulnerabilities found in Chrome 22.