- Mar 16, 2019
- 3,878
Found a sort of bug on Edge. If you use an AV that does HTTPS scanning and later uninstall that AV, the sites where you were logged in or cookies were not deleted, you would see that Edge is still showing the certificate of that previous Antivirus not the original one the site use. The certificate it shows is not even present in the windows certificate store. Edge even tells you that the certificate is not trusted and not present in the trusted root certificates.
I checked this with ESET and Kaspersky and I'm sure this is not their fault, they uninstalled properly and didn't leave their root certificate behind. This is a bug of either Edge or Chromium in general. Firefox didn't have this problem and was normal as usual.
All my cookies are automatically deleted except few sites where I choose to stay logged in and only those sites were affected by this on Edge.
Clearing cookies, restarting the browser fix this certificate problem. So this is a cookie related bug. Now I wonder if the direct saving of unnecessary file in the cookie that I mentioned in my security config was a bug of Edge because a script (.js) directly saving on the disk instead of a typical cache file that every browser stores is very unusual I think. I blamed Microsoft Defender there but now it seems instead it's a bug of Edge because again, I didn't have this problem on Firefox.
If the certificate issue is just a visual error then it's not too serious security wise but if not then it's a seriously serious issue.
Unfortunately I forgot to took screenshots. Damn it! But if anyone is interested then you can try reproducing this in a VM/by taking a system backup before trying so. If anyone is already familiar with this behavior/bug then let us know.
I checked this with ESET and Kaspersky and I'm sure this is not their fault, they uninstalled properly and didn't leave their root certificate behind. This is a bug of either Edge or Chromium in general. Firefox didn't have this problem and was normal as usual.
All my cookies are automatically deleted except few sites where I choose to stay logged in and only those sites were affected by this on Edge.
Clearing cookies, restarting the browser fix this certificate problem. So this is a cookie related bug. Now I wonder if the direct saving of unnecessary file in the cookie that I mentioned in my security config was a bug of Edge because a script (.js) directly saving on the disk instead of a typical cache file that every browser stores is very unusual I think. I blamed Microsoft Defender there but now it seems instead it's a bug of Edge because again, I didn't have this problem on Firefox.
Advanced Plus Security - Serious Hoax's Security Configuration 2020
You can disable AV1 in YouTube settings by itself. Where's the setting? I can't seem to find it there.
malwaretips.com
If the certificate issue is just a visual error then it's not too serious security wise but if not then it's a seriously serious issue.
Unfortunately I forgot to took screenshots. Damn it! But if anyone is interested then you can try reproducing this in a VM/by taking a system backup before trying so. If anyone is already familiar with this behavior/bug then let us know.