Microsoft will pay up to $15,000 for finding a Remote Code Execution issue in Edge

Microsoft has announced an extension of its Bounty Programs that will offer security researchers up to $15,000 if they find a Remote Code Execution issue in the Microsoft Edge browser.

In a blog post, Microsoft stated this new bounty program will run from now until May 15, 2017. In addition to Remote Code Execution vulnerabilities in Edge, Microsoft is also paying if developers find similar issues with the Open Source sections of its Chakra rendering engine. These issues must be reproducible with Insider builds of Windows 10 in the Slow update ring.

Microsoft added:

As the bounty programs are pushing forward into earlier releases of software, there may be more instances of a vulnerability being reported which Microsoft is already working to resolve. In the event this occurs, as recognition for the real effort put into finding these vulnerabilities, a payment of up to $1,500 USD will be made to the first external researcher who reports the issue.

Security researchers can find out more info on this new Microsoft Edge bug bounty program on its website.

John Callaham