Microsoft has opened a bug bounty programme for its Chromium-based Edge browser, with rewards ranging from $1,000 (roughly Rs. 72,200) to $30,000 (roughly Rs. 21,66,500). This new bounty program seeks to invite researchers from around the world to find and report bugs and vulnerabilities unique to the Microsoft Edge browser. Additionally, the rewards will be awarded on the basis of how severe the bug is. The rewards also depend on the quality of the submission, and of course subject to the Microsoft Bounty terms and conditions.
According to Microsoft's blog post about the Bug Bounty programme, the company will be rewarding those who will report bugs by focusing on a set of features that are unique to the Chromium-based Microsoft Edge browser. These features include Internet Explorer Mode, PlayReady DRM, signing in with a Microsoft Account or an Azure Active Directory and Application Guard.
As we mentioned above, the Bounty rewards range from $1,000 to $30,000 and the award money only depends on the quality and the severity of the bug submission. Also, the researchers who have submitted a bug report, but still do not qualify for a bounty reward, may still be eligible for public acknowledgement, if their submission leads to a vulnerability fix.
There are various tiers in which the company is offering rewards to the researchers. So, for submitting reports relating to Spoofing or Tampering will earn anywhere between $1,000 and $6,000 (roughly Rs. 4,33,000). Information Disclosure and Remote Code Execution will earn anywhere between $1,000 to $10,000 (roughly Rs. 7,22,000). Elevation of Privilege will earn anywhere between $5,000 (roughly Rs. 3,61,000) to $15,000 (roughly Rs. 10,83,000). And finally, the highest reward of $30,000 will only be given to those who report bugs that have an Elevation of Privilege flaw and a Windows Defender Application Guard container escape. Do note, that the high-quality submissions will definitely be rewarded more than the low-quality submissions.