Microsoft widens Edge browser bug hunt for bounty hunters

Keeping you in hoodies

Microsoft has expanded its programme for rewarding those who find and report bugs in its Edge browser, enabling bounty hunters to claim their prize for a broader range of vulnerabilities.

The snappily titled "Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Programme" was launched in August, and enabled anyone to report vulnerabilities they discover in Microsoft Edge in exchange for flippin’ great wodges of cash.

Now, the firm has expanded the programme, with a focus on vulnerabilities that lead to “violation of W3C standards that compromise privacy and integrity of important user data”, or which enable remote code execution by a particular threat vector.

Specifically, the bounty programme now covers the following:

  • Same Origin Policy bypass vulnerabilities (such as universal cross-site scripting)
  • Referrer Spoofing vulnerabilities
  • Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview
  • Vulnerabilities in open source sections of Chakra

The programme is due to run until May 15, 2017, and those bug-bashers successfully reporting a flaw will get rewarded with a payout ranging from $500 to $15,000.

For anyone who is unlucky enough to find a vulnerability that the devs inside Microsoft have already found themselves, a payment will be made to the first person to report it, up to a maximum reward of $1,500.

However, the caveat is that any bugs found must be relevant to Microsoft’s Edge browser running in the current Windows Insider Preview Slow Ring release code, and critically, must also be reproducible.

Keen-eyed bounty hunters can find more details on Microsoft’s Bounty Programmes from its website. ®

