Microsoft’s Edge Insider Bounty Program is inviting cybersecurity experts across the world to identify vulnerabilities in the Chromium Edge browser. It is also promising rewards ranging from from $1,000 to $30,000 depending on the severity and impact of the bug.
Microsoft wants experts to discover vulnerabilities in the Chromium Edge only. And is not looking for vulnerabilities in any other browser based on the same engine. “We welcome researchers to seek out and disclose any high-impact vulnerabilities they may find in the next version of Microsoft Edge, based on Chromium. And offer rewards up to the US $30,000 for eligible vulnerabilities in Dev and Beta channels,” Jarek Stanley, senior program manager at Microsoft, said in a post.
The Redmond-based company is offering rewards in various tiers. Spoofing and tampering reports can earn anywhere between $1,000 and $6,000. Information disclosure and remote code execution can earn between $1,000 and $10,000. And elevation of privilege will rake in between $5,000 to $15,000. Lastly, $30,000 will be given in exchange for finding a combination of an Elevation of Privilege flaw and a Windows Defender Application Guard container escape, DigitalTrends reports.
High-quality submissions will earn more than low-quality ones. A high quality submission needs to offer the necessary information to easily replicate and fix a bug. This usually entails a concise write-up or video that contains background information, a description of the vulnerability, and a proof of concept.