This was his fifth bounty which he received reporting bugs to Google. The first bug bounty worth $500 he received when he was a month shy of 17
Google awarded an Uruguayan teenager about Rs 24.7 lakh as bug bounty for finding a serious security flaw which could give access to an attacker to its internal system.
Ezequiel Pereira, an 18-year-old student at the University of the Republic in Uruguay, found about the bug in February this year. However, he publically wrote about it only after the issue was confirmed as fixed by Google engineers.
He announced that he was awarded $36,337 for a finding a remote code execution vulnerability—the highest tier for bugs.
“In early 2018 I got access to a non-production Google App Engine deployment environment, where I could use internal APIs and it was considered as Remote Code Execution due to the way Google works. Thanks to this I got a reward of $36,337 as part of Google Vulnerability Rewards Program,” he wrote.
This was his fifth bounty which he received reporting bugs to Google. The first bug bounty worth $500 he received when he was a month shy of 17. Since then he received a total of $59,337 in bounties, including the latest one.
Pereira confessed that he was not even aware he had found something this serious. “I was not aware until then that this was regarded as Remote Code Execution, it was a very pleasant surprise,” he said.
Google, like many technology giants, has a Vulnerability Rewards Program which awards security researchers if vulnerabilities are reported to the company.Last year, the company doled out $2.9 million in 1,230 individual rewards to researchers across the globe. The biggest single reward was worth $112,500.