Microsoft launches Edge Vulnerability Research
After announcing the use of an open-source codebase to rebuild the Edge browser in January 2020, Microsoft recently announced the launch of a zero-day vulnerability security research program for Chromium similar to the Google Project Zero style. A group of browser security experts will conduct in-depth research on Google’s browser development library.
Microsoft’s engineering director and chief security officer Johnathan Norman pointed out in a blog post: “Over the next few months, we will detail some of the vulnerabilities we have found so far, how we exploited them, the methods we used to identify those issues and lessons from trying to secure a complex codebase,” said Johnathan Norman, principal security engineering lead at Microsoft. Although we are not limiting ourselves to any specific topics, we plan to share code and writeups for exploits, tools for finding bugs and share some insights into how we are working to secure Edge”
Norman said that the research project will issue responsible disclosure guidelines “will primarily focus on Edge and other Chromium-based browsers but will occasionally include other targets as well.”