Friday, July 30, 2021
400 July

Pension 1500 gif

Shaheed 50 lakh gif

Kisan Karza 5.64 lakh gif

Kisan 48 hours gif

Ashirwad 51000 gif

Sohna Markfed

Innocent Admission

Microsoft awards $20,000 to LPU BTech Student Vansh Devgan

- Advertisement -

Jalandhar, July 21, 2021 (Yes Punjab News)
BTech Computer Engineering final year student at LPU, Vansh Devgan has been applauded by ‘Microsoft’ with a bounty reward of USD 20,000 (Nearly Rs 15 Lakh) for his significant security search to ultimately favour the techno-giant company. Vansh, along with his team member, has enabled Microsoft to correct crucial security flaws in its ‘Edge’ internet browser. These flaws were duly notified to Microsoft by this two-man team of cyber security researchers, led by LPU student-Vansh.

LPU Chancellor Mr Ashok Mittal congratulated the creative, enterprising and industrious student, and invoked all others to keep utilizing the creative skills learnt through their respective departments. Thanking Vansh and his team-member, Microsoft has mentioned in a message: “Based on the assessment from our engineering team, we have determined that your case 65333 is eligible for a USD 20,000 bounty award under the ‘Edge’ on Chromium Bounty Program.”

Illustrative, ‘bounty’ is a payment or reward often offered by a group as an incentive for the accomplishment of a task by someone not associated with the group. On this line, the ‘Microsoft Edge Bounty Program’ welcomes individuals from across the globe to seek out and submit vulnerabilities unique to Microsoft Edge based on Chromium.

Qualified submissions, as those of LPU’s Vansh and his team, are eligible for bounty rewards of USD 1,000 onwards. These bounties are awarded at Microsoft’s discretion based on the severity and impact of the vulnerability and quality of the submission. Thus, Microsoft paid out the highest reward of USD 20,000 to Vansh.

Technically speaking, the team of two found a “vulnerable code” involving uXSS (Universal Cross Site Scripting) in Microsoft’s Translator. This code comes pre-installed in Microsoft Edge browser. The same is reported under the ‘Edge’ on Chromium Bounty Program. In fact, Vansh is a cyber-security enthusiast, into part-time bug bounty hunting, and also running his innovative business – ‘CyberXplore’, along with his team member Shivam.

It is now learnt that “the security vulnerability, tracked as CVE-2021-34506, has been fixed in the latest release of Microsoft Edge Stable Channel (Version 91.0.864.59). The impact of the security flaw was very severe. Anyone who visited a website using Microsoft Edge browser, and hit the language translate button to read the content in their preferred language, could inject an arbitrary code to perform whatever they wanted to.

Explaining, Vansh shares: “We created a profile on Facebook with a name in a different language and XSS payload. Then, we sent a friend request to the victim- using Microsoft Edge. As soon as he checked our profile, he got hacked through a popup because of auto translation.” He also claims that they were even able to bypass ‘YouTube’ and the ‘Windows Store Application’ exploiting this vulnerability.

Vansh further simplifies: “Unlike the common XSS attacks, UXSS is a type of attack that exploits client-side vulnerabilities in the browser or browser extensions in order to generate an XSS condition, and execute malicious code. When such vulnerabilities are found and exploited, the behaviour of the browser is affected and its security features may be bypassed or disabled”.

Subscribe to YesPunjab Telegram Channel & receive important news updates

- Advertisement -

Yes Punjab - TOP STORIES

Punjab News

Sikh News

Transfers, Postings, Promotions

- Advertisement -spot_img

Stay Connected






Attack on Chinese in Pakistan

Who is behind the attack on Chinese in Pakistan – by Amjad Ayub Mirza

The deadly attack, carried out on July 15, on a coach carrying Chinese engineers to an under-construction tunnel site at the 4300 MW Dasu...

Coexistence, a unifying factor for Indians – by Asad Mirza

For most political parties, sociologists and psephologists what a common Indian on the street thinks matters most. It is an insight into a common...
Taliban Afghanistan

Taliban’s Next Stop: Kabul, Kashmir and Kerala – by Amjad Ayub Mirza

The speedy advance of the Taliban from northern Afghanistan to Kabul in the eastern section of the country could not have been achieved without...


Health & Fitness

Woman eating strawberry

Eat strawberries, oranges daily to cut risk of cognitive decline

New York, July 29, 2021- People who eat a diet that includes at least half a serving per day of foods high in flavonoids like strawberries, oranges, peppers and apples may have a 20 per cent lower risk of cognitive decline, according to a study. Flavonoids are naturally occurring compounds found in plants and are considered powerful antioxidants. It is...

Gadgets & Tech

error: Content is protected !!