Security News > 2022 > January > Microsoft: Edge will mitigate 'unforeseen active' zero day bugs
Microsoft Edge has added a new feature to the Beta channel that will mitigate future in-the-wild exploitation of unknown zero-day vulnerabilities.
"This feature is a huge step forward because it lets us mitigate unforeseen active zero days," Microsoft explains.
Microsoft has included this extra layer of protection against zero-day bugs exploited in the wild with the release of version 98.0.1108.23 to the Microsoft Edge Beta Channel.
In the release notes for the latest Microsoft Edge Beta version, Microsoft also mentions the addition of a custom primary password that will allow users to add an extra authentication step before saved passwords are auto-filled in web forms.
Microsoft also added a Super Duper Secure Mode to the Edge Stable channel for security improvements without significant performance losses in November.
"This reduction in attack surface kills half of the bugs we see in exploits and every remaining bug becomes more difficult to exploit. To put it another way, we lower costs for users but increase costs for attackers," Johnathan Norman, Microsoft Edge Vulnerability Research Lead, explained.
News URL
Related news
- Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions (source)
- Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234) (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- Microsoft: New Copilot app added by Edge doesn’t collect data (source)
- Microsoft: Copilot ‘app’ on Windows Server mistakenly added by Edge (source)
- Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (source)
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (source)
- May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) (source)