Catching bugs in your spare time can turn into a lucrative hobby, provided the bugs you're hunting reside in Google's Chrome browser. The Chromium Vulnerability Rewards Program has shelled out over $1 million to date, putting money in the pockets of security researchers who help make Chrome more secure, and it's about to start doling out larger payments for flaws that have become increasingly hard to find.
"Recently, we’ve seen a significant drop-off in externally reported Chromium security issues. This signals to us that bugs are becoming harder to find, as the efforts of the wider community have made Chromium significantly stronger," Google stated on its Chromium blog.
Researchers who discover "particularly exploitable" issues will receive a bonus payment of at least $1,000 on top of the base reward. Google is also now offering minimum $1,000 bonus payments for discovering bugs in stable areas of Chrome's code base, as well as for serious bugs that impact a significantly wider range of products, such as open source parsing libraries.
It's unlikely anyone could make a living by just hunting Chrome bugs, even with the bonus incentives, but it is a great way to beef up the bank account. Google has, at times, awarded bug hunters upwards of $10,000, plenty enough to build a Dream Machine caliber PC with money to spare.