Skip to main content

Microsoft opens Chromium Edge bug bounty program with rewards up to $30,000

Microsoft has launched a bug bounty program for Chromium Edge, with security starting to become an even more important aspect as the web browser moves closer to its first official release.

Microsoft worked Edge through a major overhaul, dropping EdgeHTML in favor of the open-source Chromium engine that also serves as the foundation for Google’s Chrome web browser. To allow the Chromium Edge to keep up with competition, the browsers needs to be proven safe and secure.

The Microsoft Edge Insider Bounty Program is inviting cybersecurity experts across the world to identify vulnerabilities in the Chromium Edge browser, with rewards ranging from $1,000 to $30,000 depending on the severity and impact of the bug.

The bug bounty program is seeking vulnerabilities that are only found on Chromium Edge and not in any other browser based on the same engine. Microsoft gave bounty hunters starting points to look for bugs by pointing out features that are unique to its new browser. These are the Internet Explorer Mode, the PlayReady DRM, signing in with Microsoft Account or Azure Active Directory, and Application Guard.

Sending in reports for spoofing and tampering will earn between $1,000 and $6,000, information disclosure and remote code execution will be awarded between $1,000 and $10,000, and elevation of privilege will rake in between $5,000 and $15,000.

The highest reward tier of $30,000 will be given in exchange for finding a combination of an Elevation of Privilege flaw and a Windows Defender Application Guard container escape.

High-quality submissions will earn more than low-quality ones. To be tagged as high quality, a submission should provide the necessary information to easily replicate and fix a bug, which usually entails a concise write-up or video that contains background information, a description of the vulnerability, and a proof of concept.

In our hands-on review of the Chromium Edge beta, the browser proved to be a big improvement compared to the original Edge, as it is faster, more efficient, cleaner, and supports a wide variety of extensions. For those who are interested in trying out Microsoft’s new web browser, here are the instructions for downloading its stable beta build, which is the best version for everyday use.

Aaron Mamiit
Aaron received a NES and a copy of Super Mario Bros. for Christmas when he was 4 years old, and he has been fascinated with…
Microsoft Edge gets a big update with new themes, history and tab sync, and more
The Microsoft Edge browser on a flat surface.

New Themes in Microsoft Edge

Microsoft's new Chromium-based Edge browser is getting one of its biggest updates since it was introduced out of beta last year. Version 88 of the browser now finally supports history and tab sync across devices and also sports some new themes and a password generator.

Read more
Sony’s revamped PlayStation bug bounty program offers cash rewards
Two people play a soccer game on PS4

Sony is inviting one and all to hunt down bugs on its PlayStation platform for some potentially big cash payouts.

The entertainment giant has actually had a bug bounty program in place for some time, but operated it privately with select researchers. This week’s announcement means the program is now open to everyone, including “the security research community, gamers, and anyone else,” Geoff Norton, Sony’s senior director of software engineering, wrote in a blog post about the expansion.

Read more
Goodbye, old Edge. Microsoft’s new browser will soon automatically replace it
Microsoft Edge browser on a computer screen.

Microsoft has been touting its new Edge browser for months, but now it will finally be automatically replacing the old one. At the Build 2020 developer conference, Microsoft announced some new updates and milestones for its new Edge browser, powered by Google's open-source Chromium project. All Windows 10 devices will get the browser automatically within the next few weeks, and new features like a Pinterest integration with Collections in Edge will be coming soon, as well.

Following a general release earlier in January 2020, which came as an optional download, Microsoft's noted its new Edge browser will soon be delivered with a "measured rollout" via Windows Update. This means that eventually, all Windows 10 PCs will have the new version of Edge, replacing the older -- and less popular -- version of the Edge browser which runs on Microsoft's proprietary EdgeHTML browser engine.

Read more