Microsoft Offers $30K for Hacking Chromium Edge Browser | News & Opinion
The rewards for finding vulnerabilities in the new Chromium-based Edge browser range from $1,000 right up to $30,000 for the most serious security breach.
The revamped Chromium-based Edge web browser has been available publicly since April, but as we edge (sorry!) closer to the first official release, Microsoft is getting serious about security.
As PCGamesN reports, this week Microsoft launched a new Insider Bounty Program for its Edge browser. It "welcomes individuals across the globe to seek out and submit vulnerabilities." In return, you could earn quite a bit of cash depending on the severity of the security bug discovered.
The vulnerabilities are classified by their security impact and severity, with the reward paid scaling with each. At the low end of the scale is a report of spoofing or tampering, which can earn the reporter between $1,000 and $6,000 depending on severity. Information disclosure tops out at $10,000 for the most critical bugs, and an Elevation of Privilege ranges from $5,000 to $15,000 per vulnerability.
The most money can be earned from finding a combination of an Elevation of Privilege and a Windows Defender Application Guard (WDAG) container escape. Show Microsoft how you achieved that in Edge and a check for $30,000 could be in the mail. The $30,000 would actually be awarded from a separate WDAG Bounty Program, so I bet there's a chance you could double up and earn the $15,000 Elevation of Privilege reward, too.
Bug bounties are an important part of software security today. They are a great incentive to security researchers and white hat hackers to focus in on a piece of software and find all the vulnerabilities (in this case) Microsoft overlooked. In the end, consumers benefit, too, as we end up with more secure software on our PCs.
Gloss