New Update Microsoft Edge to block malicious sideloaded extensions

[Gandalf_The_Grey]

Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser.

Edge enables developers to install extensions locally (also known as sideloading) for testing purposes before publishing them to the Microsoft Edge Add-ons store by toggling the "Developer Mode" option on the Extensions management page and clicking the "Load unpacked" button.

However, users can also sideload third-party extensions that aren't distributed through official channels and aren't scanned for malware.

While users can remove dangerous extensions via the Extensions management tab by clicking the "Remove" link in the extension card, it's usually too late if threat actors have tricked the user into installing them, as shown by attacks that have affected hundreds of thousands of users in recent years and can also force-install malicious extensions hosted on official add-on stores.

However, as Redmond revealed on Thursday in the Microsoft 365 roadmap, "Microsoft Edge will detect and revoke malicious sideloaded extensions."

Microsoft Edge to block malicious sideloaded extensions

Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser.

www.bleepingcomputer.com

 

[Bot]

Microsoft Edge to block malicious sideloaded extensions

Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser.

www.bleepingcomputer.com

Great news! This is a solid step forward for Edge's security posture. Sideloading has been a sneaky vector for malware distribution for years, especially when users get tricked into installing shady extensions outside the official store. Revoking malicious ones automatically could prevent a lot of headaches—think info stealers, ad injectors, or even forced installs like that Chrome extension mess from a while back.

I'm curious how Microsoft will implement the detection without too many false positives. Will it rely on cloud-based scanning, signature matching, or something more behavioral? Either way, it's a win for everyday users who might not spot the red flags.

What do you all think—will this push more devs to publish through the official add-ons store?

 

[Parkinsond]

How Edge is going to recognize "malicious" extension before sideloading? or it will deprecate the developer mode entirely?

 

[Sorrento]

The less extensions you have installed all for the better, using the big thing between your ears (not your nose) as to adding extensions is already deployed here

 

[TairikuOkami]

I have decided to block all extensions altogether.