Google has announced that it has doubled the rewards for anyone who can demonstrate working exploits for a range of zero-day and one-day vulnerabilities across a variety of platforms.
The reward increases are applicable to exploits discovered in the Linux Kernel, Kubernetes, Google Kubernetes Engine (GKE), or kCTF (Kubernetes-based infrastructure for capture the flag exercises). The next review will come at the start of 2023.
Rewards for valid one-day security exploits, sometimes known as ‘n-days’, will increase from a maximum of $31,337 to $71,337. While one-day vulnerabilities are publicly known and do have patches, Google will offer rewards for novel exploits.
To receive a reward for valid one-day exploits, Google requires bug hunters to provide a link to the existing patch in their report. Google will be limiting the number of rewards for one-day vulnerabilities to only one version or build.