Microsoft is offering up to $30,000 to hack Chromium-based Edge browser

Researchers Can Earn Up To $30,000 With Microsoftโ€™s New Chromium Edge Browser Bounty Program

Microsoft has launched a newย Insider Bounty Program for its beta version of its new Chromium-based Edge browser that will reward researchers up to $30,000 for finding vulnerabilities that are unique to Edge.

โ€œWeโ€™re excited to expand our bounty programs today to include the next version of Microsoft Edge and continue to grow and strengthen our partnership with the security research community,โ€ Jarek Stanley, senior program manager at Microsoft, said in aย Tuesday post. โ€œWe welcome researchers to seek out and disclose any high-impact vulnerabilities they may find in the next version of Microsoft Edge, based on Chromium, and offer rewards up to US $30,000 for eligible vulnerabilities in Dev and Beta channels.โ€

Under the Microsoft Edge Insider Bounty Program, researchers can earn between $1,000 up to $30,000 for finding critical and important vulnerabilities in Microsoftโ€™s Edge Dev and Beta channels.

Microsoft said that aimed to complement Googleโ€™s existingย Chrome Vulnerability Reward Program, which also offers a top reward of $30,000 for a high quality bug report.

Additionally, the new bounty program will run along with the existing Microsoft Edge (EdgeHTML) on Windowsย Insider Preview bounty program that offers a top reward of $15,000, the tech giant added.

โ€œThe goal of the Microsoftย Edgeย (Chromium-based)ย Insider Bounty Program is to uncover vulnerabilities thatย are unique toย the next Microsoft Edgeย whichย have a direct and demonstrable impact on the security of our customers,โ€ Microsoftย said.

To be eligible for a reward in the Chromium-based Edge bounty, the vulnerabilities submitted by the researchers must meet the following criteria(s):

  • Identify aย previously unreported vulnerabilityย that isย unique toย Microsoft Edgeย based on Chromium,ย in theย Betaย orย Devย channels,ย andย whichย does notย reproduce onย the equivalent channel ofย Googleย Chrome.
      • Vulnerabilities must beย reproducible onย theย latest version of Microsoft Edgeย at the time of submissionย running on the latest, fully patched version of Windowsย (including Windows 10, Windows 7ย SP1 or Windows 8.1)ย or MacOS at the time of submission.
      • Include theย version number of Microsoft Edgeย used to reproduce the vulnerabilityย (e.g.ย Version 77.0.188.0 (Official build) devย (64-bit), and the version number of Chrome used to verify thatย it does not reproduce on Chrome.ย Eligible version numbersย of the next version of Microsoftย Edge will begin with at leastย 77 orย higher.
  • Demonstrable exploits in third party components that repro in Microsoft Edge but not in Chrome are also eligible for consideration under this bounty program. Testing in Windows Insider Preview is not required.
      • Requires full proof of concept (PoC) of exploitability.ย  For example, simply identifying and out of date library would not qualify for an award.
  • Include concise reproducibility steps that are easily understood, either in writing or in video format.
      • This allows submissions to be processed as quickly as possible and supports the highest bounty awards.
  • Must provide Proof of Concept (PoC) with submission.

Microsoft may accept or reject any submission at their sole discretion that they determine does not meet the above criteria(s).

You can read more about the Microsoft Edge Insider Bounty Program and the rewards here. Further, those who are interested in the new beta version of Microsoft Edge, can download it from here.

Source: Microsoft

Subscribe to our newsletter

To be updated with all the latest news

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post