If an “eligible” bug is submitted and accepted by a Google panel, the lucky winner will get a minimum of $500.
But if you’re really clever and find a particularly severe vulnerability, Google may lash out and give you $1,337. While it’s the Chromium open source project that is fielding the bug reports, it’s Google that will be paying you the moolah.
Eligible bugs can be any security bug but the panel said in this message that it “will typically focus on high and critical impact bugs”. Bugs in both Google Chrome and the Chromium project are both eligible, but not bugs in third party plugins and extensions.
If you’ve worked on the Google Chrome you won’t be eligible for a cash reward.