Last month, Microsoft announced a bounty program that targets Remote Code Execution vulnerabilities in Microsoft Edge on the Windows Insider Preview Slow Ring. Today, they added new types of vulnerabilities to this bounty program.
This program now includes:
- Same Origin Policy bypass vulnerabilities (example: UXSS)
- Referer Spoofing vulnerabilities
- Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview
- Vulnerabilities in open source sections of Chakra
- The bounty will run August 4, 2016 through May 15, 2017 and vulnerabilities on UXSS and referer spoofing submitted to [email protected] after August 4, 2016 will be retroactively rewarded
- Bounty payouts will range from $500 USD to $15,000 USD
- If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of $1,500 USD
- Vulnerabilities must be reproducible on the latest Windows Insider Preview (Slow track)
- All security bugs are important to us and we request you report all Microsoft Edge browser security bugs to [email protected]
For more details on Bug Bounty Programs, visit this page.