A few days back, Microsoft released a new beta version of its Chromium Edge browser. Alongside this, the company also announced a huge bounty program for the researchers.
According to the official blog post of Microsoft, finding vulnerabilities in the Chromium-based Internet Edge can gain researchers bounty rewards starting from $1,000 to $30,000. The new program will run alongside the previous bounty program for EddgeHTML engine-based Edge browser that offers rewards of up to $15,000.
While the new bounty offers huge lumps of money, Microsoft doesn’t make it an easy catch. The company will only reward the vulnerabilities unique to the chromium-based Microsoft Edge. Vulnerabilities “which do not reproduce on the equivalent channel of Google Chrome” won’t be counted.
Other than that, Microsoft writes that the reward money will be based on the complexity of the issue and quality of reporting. For instance, $30,000 award is only dedicated to a critical privilege escalation flaw with a container escape from the Windows Defender Application Guard (WDAG). Furthermore, finding an escalation flaw without a WDAG container escape will get you a $15,000 reward.
Other vulnerabilities such as Remote Code Execution and Information Disclosure can get researchers up to $10,000. Microsoft also listed out a few terms under which submissions might not even get you a reward.
Microsoft says the new bounty program is meant to be a compliment to Google’s Chrome bounty program. Google runs a Vulnerability Reward Program that has awarded huge cash rewards to the researchers.
Currently, more than one million people have installed the beta version of the new Microsoft Internet Edge. You can get the new beta version from this Microsoft’s Edge Insiders site.