X
Tech

Windows 10 Edge: Now Microsoft puts $15k bounty on remote attack browser bugs

Microsoft is running a special 10-month bug bounty for Edge on Windows Insider Preview builds.
Written by Liam Tung, Contributing Writer
microsoft-windows-10-edge-browser-internet-explorer-2015-1.jpg

Microsoft will offer payments of between $500 to $15,000 for remote code-execution vulnerabilities in Edge on Windows Insider Preview. (Image: Microsoft)

Microsoft has launched a special bug bounty designed to uncover remotely exploitable bugs in its Edge browser on Windows Insider Preview builds.

The limited-term bounty adds to Microsoft's ongoing vulnerability rewards programs for security researchers who privately report serious flaws in its generally available software.

Under this temporary bounty, Microsoft will offer payments of between $500 and $15,000 for remote code-execution vulnerabilities in Edge on Windows Insider Preview, which aims to capture bugs in the pre-release stages of development.

The Insider program offers Windows fans an early look at pre-release versions of the operating system, as well as Edge.

Microsoft is also inviting hackers to probe the open-source section of Chakra, Microsoft's JavaScript engine for Edge.

And, since the Edge preview bounty pushes deeper into Microsoft's pre-release phase, Microsoft says it will pay up to $1,500 for bugs that it's already aware of.

"As the bounty programs are pushing forward into earlier releases of software, there may be more instances of a vulnerability being reported which Microsoft is already working to resolve. In the event this occurs, as recognition for the real effort put into finding these vulnerabilities, a payment of up to $1,500 will be made to the first external researcher who reports the issue," said Microsoft.

Microsoft last year offered the same amount for the Edge technical preview, but the program only ran for three months.

This new Edge bounty will for run for 10 months, between August 4, 2016 and May 15, 2017.

Microsoft from time to time opens limited-term bug bounty programs for beta products. It similarly in June opened a four-month bounty, offering up to $15,000 for bugs in .NET Core and ASP.NET Core RC2 beta builds.

The Edge bounty comes as Microsoft rolls out the Windows 10 Anniversary update, which brings EdgeHTML 14, its third update to the Edge web platform.

The Anniversary Update version of Edge contains additional protections against kernel attacks and imposes further restrictions on Adobe Flash in the browser.

According to Microsoft, Flash now runs in isolated containers to thwart attacks on it that undermine Edge. The updated Edge also introduces click to play for Flash content.

    More on Edge and Windows 10

    Editorial standards