9 Microsoft Edge Features Chrome Doesn't Have (...yet)

show-Zi

The relationship between Chrome and derivatives like Edge is similar to the relationship between auto makers like Mercedes and AMG and tuning shops.
This looks like a "Learn Tai-Chi" video! :D
It may also be related to the fact that the Edge icon looks like the "Yin Yang". :D 🕺

ForgottenSeer 92963

Here are 5 security features which Chrome does not have

1. De-elevation on start of broker process
What it does: when you run Edge as Admin, the broker process de-elevates from high to medium level integrity rights.
Why this matters: Medium level Integrity rights processes have no write access to UAC protected folders (Windows, Program Files and most Program Data folders). This comes (security wise for Edge only) closer to running as a standard user than UAC.

2. Code Integrity Guard of renderer process
What it does: this allows only Microsoft signed DLLs to be loaded into the renderer process.
Why this matters: DLLs are dynamic load libraries. These DLLs can be injected in the renderer processes of your browser. Malware cannot misuse this mechanism to take control over the renderer process and ultimately over your PC (through a staged attack).

3. AppContainer for renderer process
This new feature will come to you automatically in next versions, early birds can enable this in registry or group policy.
What it does: it lowers the integrity rights of the renderer process from Untrusted to AppContainer. AppContainer is the built-in rights sandbox of the Windows OS (explanation). It isolates the renderer from unneeded resources and other applications. No access means no opportunities for malware to misuse bugs and exploits in the Chromium renderer process (the process which does the heavy work showing web content correctly on your screen).
Why it matters: It makes it harder for malware to escape the Chrome sandbox (the sandbox of Chromium based browsers)

4. Super duper secure mode/new security mitigations option
Can be set through flags and settings (the latter has a smart balanced option).
What it does: it disables the Just In Time (JIT) JavaScript compiler. Compiled code is code which the CPU can process. It looks like a string of zeroes and ones. It is much harder to 'read' compiled code than plain JavaScript source code.
Why it matters: Some Windows protection mechanisms can't read/handle compiled code. Without JIT enabled Windows can apply more checks and balances (like CET and ACG), simply because it can read the JavaScript source code. These cross checks make it harder for malware to sneak through (professionals I know, this is a layman's explanation, feel free to add comments when you have a better way to explain it).
Downside: Compiled code is faster than interpreted code. In the past this difference was huge. With modern JavaScript engines these differences are minimal for most common web applications. Only a few JavaScript intensive applications might rely on pre-compiled code. So fair chance you won't notice it. When you enable this feature, choose 'balanced mode' to prevent issues.

5. Automatic HTTPS
Can be set through flags and settings (will become default in the near future since most websites are encrypted HTTPS).
What it does: Tries to switch from unencrypted HTTP traffic to encrypted HTTPS (sort of same as HTTPS Everywhere extension)
Why it matters: Encrypted data is gibberish, so your ISP and anyone else on your way to the world wide web does not understand what goes over the line/air.
 

Moonhorse

We should get this pinned up on browsers > Edge > and you could write up a guide on how to enable these features, and members could keep the thread up to date in case features are getting removed or features are being added. Like a pinned thread with a topic something like 'Unlocking advanced features of Microsoft Edge'.
 

wat0114

Did anyone notice this new bloatware "feature" Microsoft wants to add to Edge?

 

Gandalf_The_Grey

> Did anyone notice this new bloatware "feature" Microsoft wants to add to Edge?

Not sure if I will ever see it, because I have disabled "Save time and money with Shopping in Microsoft Edge" and "Save and fill payment info".
 

wat0114

> Not sure if I will ever see it, because I have disabled "Save time and money with Shopping in Microsoft Edge" and "Save and fill payment info".

Thanks for this, Gandalf. Where would I find "Save time and money with Shopping in Microsoft Edge"?

EDIT:

NM, I found it. I was initially too lazy to search for it :D
 

ForgottenSeer 92963

I looked at the integrity levels of Edge with the registry or GPO tweak to enable AppContainer for renderer processes, to understand the benefits of using the strictest form of containment for the renderer process. A typical Edge browser would show the following Integrity levels with Process Explorer:

Edge broker process - medium level (but this process is kept in the basic user sandbox with the de-elevation on startup feature of Edge)
Network service process - medium level
GPU service process - low level
Data Storage service process - untrusted level - used to store and retrieve (temporary) data
Entity Extraction service process - untrusted level - used to extract entities out of web content like passwords, addresses, DRM licenses etcetera
Renderer processes (2 or more depending on your RAM) - AppContainer - used to process web content

With the renderer process now having the lowest rights container (lowered from untrusted to AppContainer), the service modules are protected from side-by-side infections by the renderer processes (lower ILs can't change higher Integrity Levels). This clearly shows that AppContainer not only makes it harder for malware to escape the renderer processes (because the renderer handles content, JavaScript running in the renderer process could be injected by malware writers into the webpage you are browsing), but ALSO protects other important service processes in Edge (running as untrusted).

For people running Microsoft Defender with no other security programs (than Andy Ful's tools) this integrity rights level structure also shows the benefits of adding the Code Integrity Guard protection of Edge to ALL Edge processes. By default Microsoft protects the renderer process with Code Integrity Guard, but it is very easy to add all Edge processes using Microsoft Defender's built-in Exploit Protection.



NB. I only use extensions from the Microsoft store. I can imagine that CIG also blocks extensions from the Google Chrome store.
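
The Exploit Protection change described in the post above, scripted with the built-in ProcessMitigations cmdlets, as an added example that is not part of the original post. It assumes an elevated session and that every Edge process type runs from the msedge.exe image; the backup path and the `-Mode` parameter are constructed for this example.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Assumption: every Edge process type (broker, renderer, GPU, utility
# services) runs from the msedge.exe image, so one per-image rule covers all.
param(
    [ValidateSet('Audit', 'Enforce', 'Rollback')]
    [string]$Mode = 'Audit'
)

$image  = 'msedge.exe'
$backup = Join-Path $env:TEMP 'exploit-protection-backup.xml'  # constructed path

switch ($Mode) {
    'Audit' {
        # Keep a record of the system-wide configuration before changing it.
        Get-ProcessMitigation -RegistryConfigFilePath $backup
        # Log, but do not block, loads of DLLs not signed by Microsoft.
        Set-ProcessMitigation -Name $image -Enable AuditMicrosoftSigned
    }
    'Enforce' {
        # Code Integrity Guard: only Microsoft-signed DLLs may load.
        Set-ProcessMitigation -Name $image -Enable MicrosoftSignedOnly
    }
    'Rollback' {
        # Turn both the enforcing and the audit setting off again.
        Set-ProcessMitigation -Name $image -Disable MicrosoftSignedOnly, AuditMicrosoftSigned
    }
}

# Show the resulting per-image signature policy stored in the registry.
(Get-ProcessMitigation -Name $image).BinarySignature

# Code Integrity Guard events: ID 11 = audited load, ID 12 = blocked load.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Security-Mitigations/Kernel Mode'
    Id      = 11, 12
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Restart Edge after each change so new processes pick up the setting, and review the audit events before switching to `Enforce`, because any DLL not signed by Microsoft (for example one loaded by third-party security software) will then be refused.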
 

South Park

> Did anyone notice this new bloatware "feature" Microsoft wants to add to Edge?

When looking at the new settings in Edge 96.x, I noticed it had opted me INTO suggesting "charities" for me to donate to BASED ON MY WEB BROWSING HABITS, with no notice to me. Not exactly a privacy-respecting default.
 
