Microsoft has kicked off a new bug bounty for its Chromium-based Microsoft Edge browser and is offering researchers up to $30,000 per bug for reporting issues.
Microsoft says it aimed to “complement” Google’s existing Chrome Vulnerability Reward Program, which also offers a top payout of $30,000 for a high quality bug report with a working exploit for issues like a sandbox escape.
The bounty a bit of a fringe contest at the moment and is aimed at bugs that can be reproduced on the freshest version of Microsoft's Chromium-based Edge browser, but that don’t work against the latest version of Chrome.
So far it’s only offered Canary and Developer channel releases of the new Edge, but today it kicked off the Beta release channel, signaling that it is getting close to a general availability release, at which point it will join Opera, Brave and dozens of other Chromium-based browsers.
Canary builds are refreshed daily, while new developer builds are made available every week. New beta builds of Edge, which are “ready for every day use”, according to Microsoft, will be released roughly every six weeks.
The Microsoft Chromium-based Edge bug bounty offers up to $30,000 for “critical and important” security flaws found in builds released in the developer and beta channels.
That’s double the amount it offers for “critical remote code execution and design issues” in the current version of Edge that’s based on Microsoft’s EdgeHTML engine in the Windows Insider Preview slow ring.
“As we release Beta, we remain committed to delivering a high-quality product and nailing the fundamentals of a great browsing experience. Beta represents the most stable preview channel, as features are added to Beta only after they have cleared quality testing in first the Canary channel and then the Dev channel. Major version updates can be expected roughly every six weeks, alongside periodic minor updates for bug fixes and security,” said Joe Belfiore, corporate vice president of Windows.
The Chromium-based Edge beta channel is the final preview channel before the company officially launches the new version of Edge, though the company hasn't said when it intends to release a "stable" channel.
In the new beta build, Edge users should see changes it’s been testing in Canary and Developer releases, such as different layouts for the new tab page called “focussed”, “inspirational”, and “informational”.
At the moment, the new page tab displays Microsoft’s Bing search engine bar and there is no way for users to hide it, much like Google includes a non-removable Google Search bar on new tabs in Chrome.
Microsoft today revealed some of the top user requests it’s received through its previews. Among them was a request to hide the Bing search bar in the new tab page as well as the ability to sign in to the new browser with a Google account. At the moment, users can only sign into the new Edge with a Microsoft account.
Microsoft said it was "reviewing" these requests, but it's not likely the company would want to see its new Google-free Chromium browser used to support Google's internet services.
The top $30,000 reward for Chromium-based Edge is available under the Windows Defender Application Guard Program (WDAG) and requires an exploit can be used to elevate privileges of a user and perform a container escape from WDAG. Details about the new bug bounty are available here.