
Support For The Edge Browser in Windows 10?


Nesivos


I was wondering about that too. But does Edge even really need it, seeing it's a sandboxed WinRT app and not an unsecure Win32 program?


Exploiting 64-bit Edge is already exceptionally difficult. If an attacker is able to exploit a 64-bit browser with a sandbox and additional 'heap hardening' (to keep things easy) then an attacker would probably also have the skill to bypass MB Anti-Exploit, EMET 5.2 or any other exploit mitigation tool.


Exploiting 64-bit Edge is already exceptionally difficult. If an attacker is able to exploit a 64-bit browser with a sandbox and additional 'heap hardening' (to keep things easy) then an attacker would probably also have the skill to bypass MB Anti-Exploit, EMET 5.2 or any other exploit mitigation tool.

 

The 64-bit IE11 with sandbox (Enhanced Protection Mode) had a number of vulnerabilities that are continuously patched by MS. For that matter Chrome, with a lot better sandbox than IE11, had a number of vulnerabilities as well. While I agree that at the current time it's not easy to exploit MS Edge, only time will tell if its security will measure up to Microsoft's, and in some respect your, expectations...


We're investigating Edge to see if/when we add protection for it.

Thank you for the feedback :)


The 64-bit IE11 with sandbox (Enhanced Protection Mode) had a number of vulnerabilities that are continuously patched by MS. For that matter Chrome, with a lot better sandbox than IE11, had a number of vulnerabilities as well. While I agree that at the current time it's not easy to exploit MS Edge, only time will tell if its security will measure up to Microsoft's, and in some respect your, expectations...

Just to note, in my experience over the years it seems to me that if it is MICROSOFT there will always be a dedicated group that seem committed to exploiting this OS and variable components.

Just my opinion. :)


Yes and it remains to be seen about the plugins.

 

A very interesting post today by Trend Micro about the topic:

http://blog.trendmicro.com/trendlabs-security-intelligence/windows-10-sharpens-browser-security-with-microsoft-edge/

The article talked about improved protection against UAF exploits. The problem is that a number of popular exploit kits like Angler now include the capability to deliver obfuscated UAF exploits.


Wow, using GC (Garbage Collection) for malware loading and execution is awesome in a technical sense. I wonder if EMET and/or MBAE can protect against this buffer manipulation. Thanks for the link Nesivos...

 

Disabling or rather removing "features" that are well known attack vectors certainly will make Edge initially more secure than IE. At least initially...
