Microsoft announces Chromium Edge bug bounty program

Microsoft has launched its bug bounty program for its Chromium Edge browser. The bug bounty program will enable security researchers from around the globe to spot and report bugs in the browser.

Announcing the start of the bug bounty program for Chromium Edge, Microsoft confirmed that the program will have rewards which will range from $1,000 to a maximum of $30,000. The rewards will be awarded based on the severity of a find. The rewards will further also depend on the quality of the submission and will be subject to the company’s bounty terms and conditions.

In a post, Jarek Stanley, senior program manager at Microsoft said: “We welcome researchers to seek out and disclose any high-impact vulnerabilities they may find in the next version of Microsoft Edge, based on Chromium, and offer rewards up to the US $30,000 for eligible vulnerabilities in Dev and Beta channels.”

The rewards will be awarded in tiers. While spoofing and tampering reports could fetch researchers between $1,000 and $6,000, reports on information disclosure and remote execution will make them eligible for awards between $1,000 and $10,000. And the elevation of privilege related reports can get the security sleuths between $5,000 and $15,000. The highest category of bounty can be availed by the researchers by reporting a combination of elevation of privilege flaw and a Windows Defender Application Guard container escape.

Microsoft had recently launched the Chromium Edge browser in beta for Windows 7,8/8.1, 10 and the macOS.