Microsoft pushes out Chromium-based Edge with new bug bounty program

$30,000 up for grabs

Microsoft has unveiled a new bug bounty program for its overhauled Edge web browser, complete with rewards of up to $30,000 for any high-impact vulnerabilities found.

In a blog post published yesterday, the company said that the Microsoft Edge Insider Bounty program would be available for the latest version of Edge, which is built on the Chromium browser engine.

A beta version of the browser was released earlier this week, some eight months after Microsoft announced it would pivot to the open source Chromium project.

The tech giant currently runs a bug bounty scheme for the existing EdgeHTML-based browser via its Microsoft Edge (EdgeHTML) on Windows Insider Preview.

The new program is set to run alongside this, although with higher cash rewards up for grabs for researchers.

Vulnerabilities unique to Edge-on-Chromium are eligible to rewards between $1,000 and $30,000, Microsoft said, depending on the severity and impact of the security issue.

A bounty for finding a remote code execution flaw (RCE), for example, ranges from $5,000 to $10,000.

The maximum bounty awarded under the EdgeHTML program is $15,000, and the new scheme is additionally meant to complement the Chrome Vulnerability Reward Program, to which the top prize is $150,000.

This is to avoid any bug disclosure repetition, Microsoft said.

“We’re excited to expand our bounty programs today to include the next version of Microsoft Edge and continue to grow and strengthen our partnership with the security research community,” Jarek Stanley, senior program manager at the Microsoft Security Response Center, said upon the release.

“We welcome researchers to seek out and disclose any high impact vulnerabilities they may find in the next version of Microsoft Edge, based on Chromium, and offer rewards up to US$30,000 for eligible vulnerabilities in Dev and Beta channels.”

Microsoft made the announcement hot on the heels of doubling its Azure bug bounty program, offering up to $40,000 for those disclosing vulnerabilities in its cloud computing platform.

Visit the Microsoft Edge Insider Bounty Program to learn how to submit.

YOU MIGHT ALSO LIKE Bug Bounty Radar // July 2019