Today, Microsoft announced a new bounty program, the Microsoft Edge Insider Bounty Program, for its upcoming Chromium-based Microsoft Edge browser. Microsoft invites individuals to report unique vulnerabilities that are present in the latest version of Chromium-based Microsoft Edge in the Beta or Dev channels.
The company has also explained what counts as an acceptable submission. For example, the bug must be present in the latest version of Windows or Mac, and it must not already be present in any of the Chrome Dev channels, among other conditions.
Microsoft also asks individuals to provide a proof of concept showing the exploitability of the bug, in the form of a video or article.
Some of the features that are unique to Chromium-based Microsoft Edge, and where you could spot bugs, are listed below:
- Internet Explorer Mode
- PlayReady DRM
- Sign in with Microsoft Account or Azure Active Directory
- Application Guard
Microsoft Edge Insider Bounty Program Vulnerability Spot Rewards
Bounty awards range from $1000 to $30,000, depending on the risk of the vulnerability. For example, finding an Important Spoofing or Tampering vulnerability earns a bounty between $1000 and $6000. Similarly, finding an Important vulnerability specific to Information Disclosure earns a bounty between $1000 and $6000. The highest bounty is available for finding a vulnerability in the Elevation of Privilege and WDAG container escape category. Here, Microsoft is giving $30,000 as the bounty reward under the Windows Defender Application Guard program.
You can read more about the Microsoft bug bounty program for the Chromium-based Edge browser here. You can submit the full vulnerability report at the Microsoft MSRC Researcher Portal.