Google three times increased reward for vulnerabilities
The company will also prevent sites from tracking users in private mode.
Google Inc. has announced a threefold increase in the maximum amounts paid as part of the reward program for vulnerabilities found in Chrome and its components.
In particular, the “maximum base amount of remuneration” for vulnerability in Chrome increased from $ 5 thousand to $ 15 thousand, the maximum possible reward amount – $ 30 thousand up to $ 150 thousand).
Among other things, the company decided to remove the ability for sites to determine when a user visits a resource in private mode. The change will be implemented with the release of Chrome 76 at the end of July 2019. Sites will no longer be able to check for the presence of the FileSystem API (the absence of this API indicates that the user entered the site in incognito mode).
As explained in the company, developers will change the behavior of the FileSystem API in such a way as to exclude the possibility of tracking users in private mode. Also, engineers are working on measures to eliminate other ways to determine in which mode the user visits the site.