Google has paid $112,500 in bug bounties to Guang Gong from Alpha Team, Qihoo 360 Technology. Gong submitted an exploit chain that included two bugs to the Android Security Rewards program. The exploit chain could have allowed Android devices to be compromised after a user clicked on a URL in Chrome. Google said it was the first working remote exploit chain to be submitted to the Android program.
Google fixed the bugs with its December security update.
The company will pay up to $200,000 for security vulnerabilities submitted to the bug bounty program. To date it has paid out $1.5 million in rewards.