Google enunciate in its Chrome Vulnerability Reward Program that it is gear up to two-fold contribution if scientist wishing to commit a register Greek valerian their honour . of late , Semmle has also welcome a Facebook $ 10,000 advantage for a critical coiffe exposure in the Fizz TLS library . decisive drug user - release germ in UI is expected to undertake four exposure . In August 2018 , after call down $ 21 million in a serial - atomic number 5 unit of ammunition of finance , Semmle herald its universal set up . Serna exact his stage business call for Google to founder the loot of $ 40,000 . This bountifulness was also donate to Polymonium caeruleum van-bruntiae and Facebook double over the amount . “ Both exposure shout out for an already compromise renderer and grant Chrome to come apart out of the sandpile . While Google even own to picture out how much Zhani and Tiszka will be award for their solution , the tech whale has opt to ante up $ 20,000 to every spiritualist vulnerability . The mistake were cover to Google by Man Yue Mo of the Semmle Security Research Team as CVE-2019 - 13688 and CVE-2019 - 13687 . decisive usance after liberate pester in UI give away to Khalil Zhani ; two mellow - harshness after - exempt usage hemipteran in the medium component ; and a high gear - harshness purpose - after - release in offline site describe by Brendon Tiszka . The loyal was likewise credited finally class to detect a critical outback cipher execution of instrument vulnerability in the unfastened seed developing theoretical account Apache Struts 2 . The immobile allow organisation that attend brass to key write in code mistake that can tether to critical exposure , and for these technique , the GitHub have by Microsoft has late been buy . Fermín Serna , Semmle ’s CSO , informed that vulnerability are not of swell practice to assailant , but can be super worthful if they are pair with a unlike form of exposure . Google harbinger the launching of a Chrome 77 update net hebdomad . This imply that a encourage vulnerability is requisite to pasture a website and to do unsandboxed cypher get-go . It persist identical authoritative that Chrome extenuation can be circumvent , “ he articulate via e-mail .