No Zero-Day or Known Exploits have Targeted the Edge Browser – Microsoft Claims
Microsoft launched its new Edge browser last year with the release of the Windows 10 operating system. At its Edge Summit 2016, the company claimed that even after eight months of Edge having been released to the public, the browser has had no zero-day exploits targeting it.
After a very non-secure experience with Internet Explorer, the company introduced some enhanced security features in its Microsoft Edge browser, making it secure against zero-day exploits. At today’s event, the company shared some positive news about the security of its Edge browser. Edge has had no zero-day exploits and no known exploits targeting it, Microsoft said. It also revealed that there was a 75% reduction in RCE (Remote Code Execution) exploits that affected its new browser in the first 5 servicing months.
Microsoft Edge security features
Microsoft was so confident about the Edge security features, that when earlier this year, it released a Windows 10 compatible version of its anti zero-day tool, EMET (Enhanced Mitigation Experience Toolkit), the company didn’t bring support for Microsoft Edge. EMET allows Microsoft’s enterprise customers to patch a software flaw, “helping to protect against security threats and breaches that can disrupt businesses and daily lives.” Microsoft claimed that the Edge browser is so secure, that the EMET features will only be redundant and that Edge even has more superior security features.
Given the advanced technologies used to protect Microsoft Edge, including industry-leading sandboxing, compiler, and memory-management techniques, EMET 5.5 mitigations do not apply to Edge. – Microsoft’s EMET team.
Along with several other security features, Microsoft also introduced new improvements to its SmartScreen web protection system, protecting users from socially engineered attacks such as phishing and malware downloads. The improved SmartScreen also warns the users about potentially malicious frames, including unsafe ads. You can read more about Microsoft’s attempts at protecting its Edge users from Drive-By attacks here.
Many argue that Edge hasn’t been hit by the hackers because it still has to be considered as one of the most-used browsers. At the event today, Microsoft shared that its Edge browser is being used by over 150 million active devices. While Edge may have been secured against phishing attacks and zero-day exploits, we did see several RCE vulnerabilities in the past year, some of which were rated critical by the company. However, it does come as a good news when you compare it to the bug-infested Internet Explorer, which received over 25 CVEs on Windows 8.1, and around 20 on IE11 for Windows 10.