Program Rules – Application Security – Google
In principle, any Google-owned web service that handles reasonably sensitive user data is intended to be in scope. This includes virtually all the content in the following domains: Note that the scope of the program is limited to technical vulnerabilities in Google-owned browser extensions, mobile ...