Microsoft offering up to $30K for finding flaws in Chromium-based Edge browser


Microsoft recently released the beta version of its Chromium-based Edge, and the company has now opened an Insider Bounty Program for it.

The tech giant is offering a reward of up to $30,000 to those who find unique vulnerabilities in the new version of Edge that have a direct and high impact on the service.

The Microsoft Edge Insider Bounty Program is offering rewards in the range of $1,000 to $3,000, depending upon the severity of the bug and the quality of the submission.

“The goal of the Microsoft Edge (Chromium-based) Insider Bounty Program is to uncover vulnerabilities that are unique to the next Microsoft Edge which have a direct and demonstrable impact on the security of our customers,” Microsoft wrote in a blog post.

The tech giant has mentioned features that are unique to Chromium Edge such as Internet Explorer mode, PlayReady DRM, Sign in with Microsoft Account (MSA) or Azure Active Directory (AAD), Application Guard and more.

Finding unique bugs in the latest version of Edge can be big business. Microsoft will issue rewards in various tiers. Reports with a spoofing or tampering security impact will earn between $1,000 and $6,000, from low to high quality of report. Information Disclosure and Remote Code Execution (RCE) will earn around $1,000 to $10,000, depending upon the severity of the report. Elevation of Privilege (EoP) vulnerabilities will earn between $5,000 and $15,000. A vulnerability resulting in escape from the WDAG container to the host will earn a $30,000 reward.

The company has set out Terms and Conditions for participation in the Microsoft Bug Bounty Program. Each report submission must also provide a proof demonstrating exploitation of the vulnerability and its impact on users.

Microsoft clearly expects researchers to report vulnerabilities in its Chromium-based Edge browser before its official release.
