In my personal experience, the transition from Chrome to Edge was utterly seamless. Once you've installed the new Edge, you can start linking your Google account. And now that Chrome extensions are also available, in addition to the ability to sync Edge with your Google account, Chrome users may not feel the need to rush to Google's browser as quickly as before. With the new Chromium-powered Edge, Microsoft is claiming better performance across the board. Ultimately, it was hard to recommend over Chrome or other popular browsers, such as Mozilla Firefox. However, it faced several issues, including poor performance on some websites and a lack of useful extensions from third parties to add new features. The original iteration of Edge ran on a proprietary Microsoft platform and was intended to be a leap forward from the Internet Explorer era.
Edge chromium windows 10#
Microsoft would surely like to lure people back from browsers like Chrome to its own Edge, but the new Chromium-based Edge browser could also be effective in keeping people in the Microsoft ecosystem instead of them immediately downloading Chrome when they buy a new Windows 10 computer. It started off and remains as the engine behind Google Chrome.Īlqabandi reported his findings to Microsoft in September before publicly disclosing his research over the festive season, after Microsoft had dealt with his report.Account icon An icon in the shape of a person's head and shoulders. Microsoft is yet to respond to a request for comment.Ĭhromium is an open source browser developed by Google that will power future versions of Edge, replacing the previous EdgeHTML engine under the bonnet.
Edge chromium install#
“Meaning one could use it to install any program they like on the user’s computer.”
Edge chromium code#
In response to queries from The Daily Swig, Alqabandi commented on the seriousness of the various vulnerabilities he found in Edge: “Worst case the bugs (first two) can lead to remote code execution by having a user simply visit a web page. The last of the three bugs found by Alqabandi involved cookie manipulation, abusing a legacy MSN site, and taking over the NTP page, as Alqabandi explains in a detailed technical blog post. The bug meant it was possible to inject JavaScript into a higher privileged context from normal web content because the NTP is set up as a higher privileged page within Microsoft Edge (Chromium).
The shortcoming meant that potentially hostile JavaScript was executed. One of the XSS bugs involved a new feature in a component of the New Tab Page (NTP) of the revamped Edge browser and related to a failure to sanitize the title of visited web pages. Only Microsoft-owned code is eligible under this program, leaving a small attack surface open to exploitation that Alqabandi was able to hit.Ī proof-of-concept (PoC) developed by Alqabandi involved exploiting a cross site-scripting ( XSS) vulnerability in Microsoft Edge to achieve a privilege escalation attack.Īlthough unconfirmed, Alqabandi suspects a separate bug he discovered might have allowed for the creation of a remote code execution ( RCE) exploit, rather than the simple browser crash he was able to produce. A security researcher has earned $40,000 for discovering what are said to be the first bugs in the new Chromium-based version of Microsoft’s Edge browser.Ībdulrhman Alqabandi discovered three distinct bugs in the new browser that collectively earns him $40,000 under a reward program set up by Microsoft back in August.
0 kommentar(er)
