Last month, the popular Google Chrome extension Archive Poster was reportedly misbehaving and had turned into an in-browser cryptocurrency miner. Soon after that, security researchers have now detected four more malicious extensions on the Google Chrome browser. So it can be said, even Google's products and services are vulnerable to security risks.
However, Google had tried its best to fight to these problems. Turns out, the search engine giant paid out nearly $3 million (approximately Rs. 19 crores) to security researchers last year as rewards for the vulnerabilities they found in its products and services. Each researcher received about $1.1 million (approximately Rs. 7 crores) for bug reports specific to Google and Android products while Chrome awards accounted for the rest of the Vulnerability Reward Program.
"We awarded researchers more than $1 million for vulnerabilities they found and reported in Google products, and a similar amount for Android as well. Combined with Chrome awards, we awarded nearly $3 million to researchers for their reports," stated Jan Keller, a member of Google's Vulnerability Reward Program (VRP) in a blog post.
"We also awarded $125,000 to over 50 security researchers from all around the world through our Vulnerability Research Grants Program and $50,000 to the hard-working folks who improve the security of open-source software as part of our Patch Rewards Program," Keller also added.
Guang Gong, an independent researcher, was paid the largest single payment of $112,500 (approximately Rs. 72.4 lakhs) for outlining an exploit chain on Pixel phones as part of the Android Security Rewards Program.
The first generation Pixel phones was the only device that was not exploited during last year's annual "Mobile Pwn2Own" competition and Guang's report helped strengthen its protections further.
"Pwn2Own", a hacking contest, take place every year at the CanSecWest security conference where contestants are challenged to exploit widely-used software and mobile devices with previously unknown vulnerabilities.
Written with IANS inputs