Doubts about Microsoft Edge's security

As you most likely already know, along with Windows 10, Microsoft launched a new web browser called Edge. It was designed to replace the old Internet Explorer, which wasn't only becoming the butt of almost all Internet-related jokes, but also a huge security risk for its users. The IT giant spent a lot of time and effort hyping up its new product, showing off its modern functionality, browsing speed and low battery requirements, but is the browser also safe?

The answer to that question is: not.really. Why do I say that? Well, the first argument that comes to mind is that at last year's Pwn2Own hacking event, Microsoft's product was proven to be the most hackable one out of the popular browsers on the market. The event is centered around ethically-correct hackers who find ways to bypass the defenses of various software, just for the sport of it (and some financial rewards), then show the companies how they did it so that patches and fixes can be created. The cyber-attackers from Pwn2Own managed to demonstrate no less than five different ways to exploit various vulnerabilities in the browser, including one that managed to escape the boundaries of a virtual machine and compromised the operating system it was running on. Keeping in mind that a virtual machine escape has never happened before at the event, that's a pretty serious thing. In case you were wondering, the winner of the event was Chrome, with 0 successful hacking attempts, followed by Firefox, which was only hacked once.

Since this happened in March last year, the Redmond-based giant has had a lot of time to fix those issues, but that doesn't mean that new ones haven't appeared in the meantime. In fact, just recently, Google's Project Zero team has angered Microsoft's engineers by publicly revealing another Edge exploit that hasn't been patched yet. In all fairness, Google gave Microsoft the normal 90 days to solve the issue plus another 14 days grace period, but according to Edge's team, the "fix is more complex than originally anticipated" and it will most likely be ready for the March update. I'm not a security expert, but as far as I understand, there is a medium-severity issue with the Just-in-Time (JIT) compilers, which transform JavaScript into native code and the way they write executable data.

Since these aren't the only problems, just the ones that were the easiest to explain, you will probably understand why I have my doubts about Edge's security. Microsoft's track record with web browsers isn't the best so, for the time being, I'm going to continue to resist using Edge, no matter how hard the IT giant tries to shove it in my face by making it the default browser in Windows 10. At the moment, Google Chrome and Mozilla Firefox are clearly superior choices, so I'm going to keep using them until Microsoft can actually prove that Edge is the better and safer option for my personal as well as my work-related needs.

Comments on Doubts about Microsoft Edge's security

M S Srinivasan

Superb Article. I am using Google Chrome in Windows 10 since last one year as I too have doubted about its security.

 –  3 months ago  –  Was it helpful? yes | no (+1)