Microsoft opens Chromium Edge bug bounty program with rewards up to $30,000
Microsoft put Edge through a major overhaul, dropping EdgeHTML in favor of the open-source Chromium engine that also serves as the foundation for Google’s Chrome web browser. For Chromium Edge to keep up with the competition, the browser needs to be proven safe and secure.
The Microsoft Edge Insider Bounty Program is inviting cybersecurity experts across the world to identify vulnerabilities in the Chromium Edge browser, with rewards ranging from $1,000 to $30,000 depending on the severity and impact of the bug.
The bug bounty program is seeking vulnerabilities that are only found on Chromium Edge and not in any other browser based on the same engine. Microsoft gave bounty hunters starting points to look for bugs by pointing out features that are unique to its new browser. These are the Internet Explorer Mode, the PlayReady DRM, signing in with Microsoft Account or Azure Active Directory, and Application Guard.
Sending in reports for spoofing and tampering will earn between $1,000 and $6,000, information disclosure and remote code execution will be awarded between $1,000 and $10,000, and elevation of privilege will rake in between $5,000 and $15,000.
The highest reward tier of $30,000 will be given in exchange for finding a combination of an Elevation of Privilege flaw and a Windows Defender Application Guard container escape.
High-quality submissions will earn more than low-quality ones. To be tagged as high quality, a submission should provide the necessary information to easily replicate and fix a bug, which usually entails a concise write-up or video that contains background information, a description of the vulnerability, and a proof of concept.
In our hands-on review of the Chromium Edge beta, the browser proved to be a big improvement compared to the original Edge, as it is faster, more efficient, cleaner, and supports a wide variety of extensions. For those who are interested in trying out Microsoft’s new web browser, here are the instructions for downloading its stable beta build, which is the best version for everyday use.