HomeWinBuzzer NewsMicrosoft Expands Bug Bounty Program for Edge Insider Preview

Microsoft Expands Bug Bounty Program for Edge Insider Preview

Microsoft's bug bounty program now extends to violations in W3C standards, including Same Origin Policy bypass and Referer Spoofing


's bug bounty program for Edge traditionally focused on remote code execution vulnerabilities, but on Wednesday the company widened the bounty to include other security flaws.

Users will now get up to $15,000 for spotting vulnerabilities that lead to the violation of W3C standards, as well as RCEs.

Bug Bounty Details

Microsoft is now looking for the following vulnerabilities:

  • “Same Origin Policy bypass vulnerabilities (example: UXSS)
  • Referer Spoofing vulnerabilities
  • Remote Code Execution vulnerabilities in on Windows Insider Preview
  • Vulnerabilities in open source sections of Chakra”

The bounty will begin on August 4th, and run all the way through to May of 2017. Payouts can be anywhere between $500 and $15,000, and you can still get up to $1,500 for bugs Microsoft has already found internally.


Payout varies depending on how severe the bug is.

Submitters must also adhere to the following criteria:

  • “Identify an original and previously unreported vulnerability in the current Microsoft Edge on WIP slow.
  • Include concise reproducibility steps that are easily understood.
  • Include the WIP slow build number on which the vulnerability reproduces.”

The only other limitation is that the bugs need to be reproducible on the latest Slow Ring Insider Preview. They also need to be emailed to [email protected] to qualify for the reward.

“Since security is a continuous effort and not a destination, we prioritize acquiring different types of vulnerabilities in different points of time,” says the company, adding that W3C exploits “compromise privacy and integrity of important user data.”

Other Bug Bounties

There are currently a number of other Microsoft bounty programs that are not related to Edge. The most recent applies to .NET Core and ASP.Net Core.

Eligible bugs in this program include bypasses of CSRF protection, Encoding, Data Protection failures, Information disclosures to a client, Authentication bypasses, and Remote Code Execution. This time, it applies to RTM versions, as well as beta and RC releases.

There are also programs for Office 365, Azure, Mitigation Bypass and Defense. You can read up on all of the details of the upcoming Edge bounty here.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News