Microsoft launches bug bounty programme for Chromium-based Edge

The latest browser from Microsoft will offer rewards twice the value of the previous HTML build

Microsoft Edge

Microsoft has launched a fresh bug bounty programme specifically for its Chromium-based Edge browser, offering rewards double the value of its previous HTML Edge version.

The maximum reward for hunters finding significant flaws in the latest version of its flagship browser has increased to $30,000 for the most critical vulnerabilities.

Other issues will be judged by their significance, depending on how impactful the flaw is to future versions of Edge, with hunters being rewarded from $1,000 upwards.

The launch of the latest bug bounty programme coincides with the launch of the beta preview of the next Edge version and will work hand-in-hand with Microsoft's Researcher Recognition Program.

The initiative acts somewhat like a loyalty card for bug hunters who follow Microsoft's vulnerability disclosure process: Points are awarded for every bug they report and these points can be multiplied depending on the product on which they're found.

A bug found in Azure or Windows Defender, for example, is eligible for a 3x points multiplier whereas Edge on Chromium gets a mere 2x multiplier GitHub and LinkedIn receive none.

Once a hunter accrues enough points, they "may be recognised in our public leaderboard and rankings, annual Most Valuable MSRC Security Researcher list, and invited to participate in exclusive events and programs," said Microsoft.

The program will also run alongside the pre-existing bug bounty for the HTML version of Edge, which offers rewards of between $500 - $15,000.

"Vulnerabilities that reproduce in the latest, fully patched version of Windows (including Windows 10, Windows 7 SP1 or Windows 8.1) or MacOS may be eligible for the Microsoft Edge Insider bounty program," said Microsoft. "Windows Insider Preview is not required."

Since the browser is powered using Chromium, the new bug bounty programme will support the Chrome Vulnerability Reward Program "so any report that reproduces on the latest version of Microsoft Edge but not Chrome will be reviewed for bounty eligibility based on severity, impact, and report quality," it added.

The Chrome Vulnerability Reward Program currently offers rewards ranging vastly from $500 to $150,000 with the greatest rewards likely to be issued for bugs found in Chrome OS.

Apple also announced the expansion of its bug bounty programme at Black Hat 2019 in August, making it the most lucrative bounty program in tech.

In addition to dishing out special iPhones to select bug hunters, making it easier for them to investigate the flagship Apple device, it announced a maximum reward for bugs of up to $1.5 million.

Back in March, an Argentinian teenage bug hunter became the first in the world to earn $1 million from lawfully finding and disclosing bugs in bounty programs. He reported more than 1,600 bugs notable inclusions were major issues with Twitter's and Verizon's products.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021