Google has overhauled its bug bounty programs for Chrome and Android due to the rise of AI tools in vulnerability discovery. For Android, maximum rewards have increased, notably up to $1.5 million for zero-click Pixel Titan M exploits with persistence. Google is prioritizing vulnerabilities with the highest user impact and those harder for AI to detect, and incentivizing reports that include proposed patches. For Chrome, payouts have decreased, focusing on concise, actionable reports with concrete proof of bugs, and phasing out certain bonuses due to AI-driven submission surges. These program changes aim to manage the influx of AI-generated reports and improve the quality and impact of vulnerability disclosures. No specific exploit or vulnerability details are provided.

The impact is primarily on the vulnerability research and reporting ecosystem rather than on end users or systems directly. Increased payouts for Android exploits may incentivize discovery and reporting of high-impact vulnerabilities, potentially improving device security. Reduced payouts for Chrome vulnerabilities reflect a shift in Google's approach to managing AI-driven report volume and quality. There is no indication of active exploitation or new vulnerabilities introduced by these changes.

This content does not describe a specific vulnerability requiring patching or mitigation. Instead, it details changes to Google's bug bounty programs. No direct mitigation actions are necessary for defenders based on this information. Organizations should monitor official Google advisories for any specific vulnerability disclosures and patches related to Android or Chrome.