05 April 22, 06:14
Quote:Microsoft released the first three-digit version of its Microsoft Edge web browser on April 1, 2022. Microsoft Edge 100 is available for all supported systems.Continue Reading
Like Google Chrome 100, released last week, Microsoft Edge 100 is not a rich release when it comes to features and improvements. There are some though in Edge 100.
Microsoft Edge installs updates automatically by defaul. Desktop users may load edge://settings/help to display the current version and run a check for updates. The latest update is downloaded and installed automatically if it is newer than the installed version.
Microsoft Edge 100 is a security update first and foremost. Microsoft lists nine Edge-specific security updates in version 100 of the browser. The security updates for Chromium, the core that Edge and Chrome are based on, are also incorporated in the new release.
Microsoft links to six of the nine security vulnerabilities only. None of the six are publicly disclosed or exploited according to Microsoft. The issues have severity ratings of moderate or important.
Microsoft Edge uses the three-digit version number in its user agent string by default. The company notes issues may arise out of this, for instance, when buggy parsers are used to determine the version number of the browser. Enterprise customers and organizations may use the ForceMajorVersionToMinorPositionInUserAgent policy to freeze the user-agent at version 99 to mitigate the issue temporarily.
The option to preview PDF files using Microsoft Edge Web View has been added to Microsoft Outlook and File Explorer. Microsoft notes that the feature is available for local PDF documents opened in File Explorer and for Outlook Desktop PDF attachments.
Another PDF-specific change adds support for opening digitally signed PDF documents. Organizations may use the PDFSecureMode policy to enable digital signature validation for PDF files in the browser without the need for the installation of extensions or add-ins.
Microsoft Edge users on Windows 8 or newer benefit from Hardware-enforced Stack Protection. The feature requires an 11th generation Intel Core Mobile processors or newer, or AMD Zen 3 Core processors or newer.
Microsoft employee Jin Lee explained the new feature in February 2021:
Quote:This exploit mitigation will protect the return address, and work with other Windows mitigations to prevent exploit techniques that aim to achieve arbitrary code execution. When attackers find a vulnerability that allows them to overwrite values on the stack, a common exploit technique is to overwrite return addresses into attacker-defined locations to build a malicious payload. This technique is known as return-oriented programming (ROP).
Microsoft 365 application protocol activations will now "launch certain Microsoft 365 applications directly" on trusted Microsoft cloud storage services.
Here are the policy updates of Edge 100:
Policy updatesNew policiesDeprecated policy
- AdsTransparencyEnabled - Configure if the ads transparency feature is enabled
- DefaultWebHidGuardSetting - Control use of the WebHID API
- HideRestoreDialogEnabled - Hide restore pages dialog after browser crash
- PDFSecureMode - Secure mode and Certificate-based Digital Signature validation in native PDF reader
- PromptOnMultipleMatchingCertificates - Prompt the user to select a certificate when multiple certificates match
- WebHidAskForUrls - Allow the WebHID API on these sites
- WebHidBlockedForUrls - Block the WebHID API on these sites
Obsoleted policy
- BackgroundTemplateListUpdatesEnabled - Enables background updates to the list of available templates for Collections and other features that use templates
Now You: do you use Microsoft Edge?
- AllowSyncXHRInPageDismissal - Allow pages to send synchronous XHR requests during page dismissal
...