Microsoft Edge introduces new security risks in Windows 10

Status
Not open for further replies.
S

sinu

Thread author
The Internet Explorer replacement Microsoft Edge is one of the headline features of Windows 10. With security at the heart of Microsoft’s latest operating system, and the general concern about online safety, it makes sense to put the web browser under the microscope to see how it fares against the competition.

This is exactly what security analysts at Trend Labs have done. While the teams concedes that Microsoft Edge beats Firefox’s security and roughly draws level with Chrome’s, the new web browser also introduces new security problems and threat vectors.

Of particular concern for the security experts is the integration of PDF reader and Adobe Flash plugins. With the historic and on-going security concerns with Flash, Trend Labs suggests that Microsoft Edge could have a problem on its hands:

While we believe that users and sites should move away from it, the reality is that for the foreseeable future Flash won’t go away yet. Attacks targeting Flash will continue to be a problem, and having it as a built-in feature may pose risks down the road.

The windows.data.pdf.dll module is singled out as worrisome, but Trend Labs points out that Chrome and Firefox have both managed to remain relatively secure after integrating plugins. Microsoft Edge’s ability to receive patches through Windows Update works in its favor, however.

Another potential security concern is Edge’s support for asm.js, a Mozilla-developed subset of JavaScript that has proved problematic in other browsers. Trends Labs warns that an exploit used to attack Firefox could also be used on Edge. As it stands, Edge has launched without support for extensions, but this is set to change in the near future. This also poses a security risk:

It is known that Chrome and Firefox extensions can be used by Microsoft Edge with relatively little modification, but other details have not been made clear. These extensions will run in the AppContainer sandbox, but sandbox escape vulnerabilities can be used to evade this. In addition, the threat of malicious extensions cannot be ruled out – either they may be malicious from the start, or a legitimate extension can be modified with an update to become malicious.

In all, Edge was found to have reached ‘security parity’ with Chrome, while managing to outpace Firefox.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top