Edge Plagued by Various Security Flaws, Not as Secure as Microsoft Boasts

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Microsoft never shied away from claiming that Edge is a much more secure browser than Chrome. Even some third-party tests have sustained its claims.

Nonetheless, there are currently three different issues affecting Edge, which Microsoft might not like you knowing about.

The first two were discovered by Argentinian security researcher Manuel Caballero, a man that has previously found other issues in Edge in the past [1, 2].

Detecting a user's Edge extensions
The first of these relates to user privacy, and more precisely to a flaw that a threat actor can exploit to detect a list of the user's installed Edge extensions.

While knowing which Edge extension a user is using can be used to leverage vulnerabilities in that extension and hack a target, a more down-to-Earth scenario would be that advertisers could leverage that information to create more accurate user fingerprints, and use these fingerprints to track users across different sites.

The researcher said that the first method used to exploit this flaw was mitigated with the release of Windows 10 Creators Update, but he pointed out that there are two other ways this can still be exploited. A proof-of-concept demo page is available here.

Using Edge's new Reading Mode to bypass SOP filters
The second flaw Caballero discovered was in Edge's "Reading View," which is a browser feature that strips away all the ads and images and leaves only a page's title and text, similar's to Firefox's Reader View.
......
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top