As part of a new bug bounty program to strengthen the security of the Linux kernel, Google announced on Monday that it will pay security researchers to uncover security vulnerabilities, whether previously remediated or not, during the next three months.
To that end, Google plans to pay $31,337 for each privilege escalation exploit demonstrated in a lab environment against a patched vulnerability, with the amount rising to $50,337 for exploits that use zero-day flaws in the kernel and other undocumented attack techniques.
The bounty program is expected to run until the end of January 2022.
Eduardo Vela of the Google Bug Hunters Team said, “It is important to note that the easiest exploitation primitives are not available in our lab environment due to the hardening done on Container-Optimized OS.”
Researchers can use the rewards program in conjunction with Android’s VRP awards: by demonstrating exploits that also operate on the mobile operating system, they can be eligible for up to $250,000 in bug bounties.