All news with #microsoft edge tag

Microsoft Edge adds scareware sensor for faster blocking

🛡️ Microsoft is adding a new scareware sensor to Edge that notifies Defender SmartScreen in real time to speed up indexing and global blocking of tech-support and full-screen scam pages. The sensor is included in Edge 142, disabled by default, and reports suspected scams immediately without sharing screenshots or extra data beyond SmartScreen’s usual telemetry. Edge’s local scareware blocker — introduced at Ignite 2024 and widely enabled since February — still warns users, exits full-screen, stops loud audio, shows a thumbnail, and offers an option to continue. Microsoft plans to enable the sensor for users who have SmartScreen enabled and will add more anonymous detection signals over time.

Brash Exploit Crashes Chromium Browsers via Title API

⚠️ Security researcher Jose Pino disclosed "Brash", a severe flaw in the Blink rendering engine that can crash many Chromium-based browsers within 15–60 seconds via a single malicious URL. The root cause is missing rate limiting on the document.title API, enabling attackers to inject millions of DOM mutations per second and saturate the browser UI thread. Pino describes a three-phase technique — hash generation, burst injection, and UI-thread saturation — and warns the code can be time-triggered to act like a logic bomb. Affected products include Google Chrome, Microsoft Edge, Brave, Opera, Vivaldi, Arc, Dia, and some AI browser interfaces; Firefox and Safari are not vulnerable.

Microsoft restricts IE mode in Edge after zero-day attacks

🔒 Microsoft is restricting access to Internet Explorer mode in Edge after discovering attackers leveraged an unpatched zero-day in the Chakra JavaScript engine combined with social engineering to achieve remote code execution and privilege escalation. The company removed quick UI triggers (toolbar button, context menu, hamburger items) so IE mode now requires explicit configuration under Settings > Default Browser. Commercial, policy-managed deployments remain unaffected.

Microsoft Restricts Edge IE Mode After Active Exploits

🔒 Microsoft has tightened access to Internet Explorer mode in Edge after credible reports in August 2025 that unknown actors abused the legacy compatibility feature to compromise devices. Attackers used social engineering to coerce users into reloading pages in IE mode and then chained unpatched Chakra JavaScript engine exploits to gain remote code execution and elevate privileges. Microsoft removed the IE mode toolbar button, context-menu and hamburger-menu entries; IE mode must now be enabled explicitly via Edge settings and sites must be added to an IE mode pages list.

Microsoft Edge to Revoke Malicious Sideloaded Extensions

🔒 Microsoft will add a security feature to Edge that detects and revokes malicious sideloaded extensions. The protection targets extensions installed via Developer Mode or other local sideloading methods that bypass the Microsoft Edge Add-ons vetting process. Microsoft plans a worldwide rollout in November for standard multi-tenant instances, aiming to reduce large-scale extension abuse and forced-install campaigns.