Google reportedly is rewarding the bug bounty hunters who uncovered and exploited privilege escalation bugs in the Linux kernel.
Google intends to pay US$31,337 for privilege escalation attacks based on a previously fixed vulnerability, and $50,337 for a zero-day kernel issue or perhaps a unique exploitation approach during the following three months.
These amount to a treble of Google's bug bounty payouts and are intended to incentivize hackers to reveal zero-day exploits or mitigation bypasses for Linux kernel flaws with significant security repercussions.
Google is continually investing in the security of the Linux Kernel since it is critical to the safety of the internet and Google—from the gadgets in your pockets to the services running on Kubernetes in the cloud. Researchers investigate its flaws and attacks, as well as examine and improve its defenses.
“We hope the new rewards will encourage the security community to explore new Kernel exploitation techniques to achieve privilege escalation and drive quicker fixes for these vulnerabilities,” Google said in a note announcing the program.
Google stated that the base price for exploiting a publicly fixed vulnerability is $31,337 (at most one exploit for every vulnerability), with the payout increasing to $50,337 in two cases:
- If the bug in the Kernel was somewhat unpatched (0day).
- If Google determines that the exploit employs a novel attack or approach.
Google is managing the new rewards in a specific CTF-style lab environment, and the simplest exploitation primitives are not available owing to strengthening done on Container-Optimized OS. According to the business, the initiative supplements the existing Android vulnerability rewards program, so exploits that operate on Android may also be considered for up to $250,000.
