Microsoft has announced that it has implemented a new rendering engine in Microsoft Edge, the new default Windows browser it introduced with Windows 10, to combat a number of browser-based abuses and attacks. The company says that with the changes, attackers will not be able to use third-party applications to install toolbars on Edge.
The November update that Microsoft rolled out last week, in addition to bringing a number of features to Windows 10 and the release of Cortana in India, also made major changes to the company’s Edge Web browser. Chief among these changes was the introduction of EdgeHTML 13, a rendering engine.
The engine prohibits the injection of unauthorised extensions, usually in the form of Dynamic-Link Libraries (DLLs). The browser’s resilience against unauthorised DLLs also results in an interesting addition: attackers won’t be able to install toolbars using a third-party application. This is because developers often resort to injecting DLLs into a browser’s process to bypass the built-in interfaces for settings controls.
“The attacker is trying to colonise the browser, and loading DLLs provides the attacker with a handy cargo pallet full of supplies. Blocking unauthorised DLL injection makes browser exploits more difficult and more expensive for attackers to carry out,” wrote Crispin Cowan, Senior Program Manager, Microsoft Edge, in a blog post. The company said that Microsoft Edge is the only Web browser to have this feature.
Since the browser’s inception, Microsoft has made major changes to it to make it harder for attackers to change its settings – usually search results, engine, and other Web content – from third-party extensions. Earlier this year, it announced that it was going to kill support for binary extensibility models such as ActiveX on Edge.
While blocking toolbars could significantly improve the overall security of a Web browser, it also means that users who wish to use toolbars cannot, as this capability has been fully blocked. “Edge does not currently support toolbars,” a Microsoft spokesperson told Gadgets 360 in an emailed statement on Tuesday.
When we asked the company if it plans to give users the ability to install toolbars on Microsoft Edge, it declined to comment but reiterated that Edge will get support for extensions in a future update. “However, because part of the customer promise of Microsoft Edge is a personal experience, we are bringing support for extensions to Microsoft Edge in a future update.”
A source familiar with the matter told Gadgets 360 that the company is currently figuring out safer ways to allow users to install toolbars on Edge.