Other levels of compensation, other than RCE, include showing controlled writing or memory corruption.
The base for bugs that don’t show such “high quality reports” ranges from US$7,000 to US$25,000.
Last year, the total payments to Google’s bug hunting program was US$10 million dollars, distributed among 632 people from 68 countries. Just over one-third of the amount ($3.4 million) is related to Android vulnerabilities. The second largest expense (US$2.1 million) is related to Chrome bugs.
Source link