Indian boys, Vansh Devgan, Shivam Kumar Singh, win ₹15 lakh Microsoft bug bounty for unveiling big flaws
Microsoft bug bounty was won by 2 Indian boys, Vansh Devgan from Uttar Pradesh and Shivam Kumar Singh from Jharkhand, for discovering flaws in Microsoft Edge browser.
Two Indian boys, Vansh Devgan from Uttar Pradesh and Shivam Kumar Singh from Jharkhand, have won a huge bounty for discovering a bug in the Microsoft Edge browser. The vulnerability was found in the Microsoft Translator tool that is pre-installed in the Edge browser. Microsoft has rewarded the duo with $20,000 (₹15 lakh approx.) for discovering the security flaws and reporting them to the company. The award was made under Microsoft's Edge on Chromium Bounty Program.
According to a report by Times of India, the Microsoft Edge vulnerability was discovered by two cyber security researchers. Shivam is a business owner who also does part-time bug bounty hunting. Vansh is a cyber security enthusiast who has completed his third year of B.Tech Computer Science at Lovely Professional University.
The vulnerability has been identified as CVE-2021-34506, and Microsoft has fixed it with the latest update of Edge. Microsoft Edge users are advised to update the browser to the latest version, 91.0.864.59. The vulnerability can be triggered when the language translation tool is used in Microsoft Edge. If a user visits a website in Edge and selects the language translation tool, the page could trigger arbitrary code to run. It was quite easy to run arbitrary code, since it only required auto translate to be turned on in Microsoft Edge.
“We created a profile on Facebook with a name in a different language and an XSS payload and sent a friend request to the victim (he is using Microsoft Edge). As soon as he checks our profile, he got hacked (SCC popup because of auto translation),” Vansh was quoted as saying by TOI. Vansh and Shivam were able to bypass YouTube and the Windows Store app as well by exploiting this vulnerability.
Microsoft recently paid 20-year-old ethical hacker Aditi Singh $30,000 (₹22 lakh approx.) for discovering a bug in the Azure cloud system. It was a remote code execution (RCE) bug that Aditi discovered in Microsoft's Azure cloud system.