Microsoft Edge 101 patches 25 security issues

Martin Brinkmann
Apr 29, 2022
Microsoft Edge
|
12

Microsoft Edge 101 stable is now available. The new version of Microsoft's cross-platform web browser patches 25 security issues and includes several non-security related improvements.

microsoft edge 101 release

Desktop users may select Menu > Help and Feedback > About Microsoft Edge, or load edge://settings/help directly in the browser's address bar, to display the current version of the browser. Edge runs a check for updates when the page is opened, and the new update should be downloaded and installed at this point.

Also of interest: Microsoft is testing a browser proxy in Edge currently.

Microsoft Edge 101

Microsoft Edge 101.0.1210.32 patches 25 different security issues in the browser. The majority address issues in Chromium, the core that Microsoft's browser shares with browsers such as Google Chrome, Brave, Vivaldi or Opera.

Two vulnerabilities, CVE-2022-29146 and CVE-2022-29147, are Edge-specific. The first has a severity rating of moderate and successful exploitation could lead to a browser sandbox escape. The second has a severity rating of low, and it could lead to a spoofing attack. Both vulnerabilities require "user interaction or preconditions", and that is the reason why Microsoft reduced the exploitation rating.

The official release notes highlight non-security changes and improvements in Edge 101. Here is a quick overview of important changes. Please note that not all of them may be available yet on all systems:

  • An Apps icon can be added to the favorites bar to launch Progressive Web Apps directly from the toolbar.
  • An option to clear remembered certificates to get the certificate picker to reappear for a site is now supported.
  • The ability to configure shared cookies between Microsoft Edge and Internet Explorer is now available in the Enterprise site list.
  • The ControlDefaultStateOfAllowExtensionFromOtherStoresSettingEnabled policy supports setting a default state for the "allow extensions from other stores" preference.
  • The EdgeDefaultProfileEnabled policy supports setting a specific profile as the default profile when the browser is opened.

Several policies have been added in Edge 101:

  • ConfigureKeyboardShortcuts - Configure the list of commands for which to disable keyboard shortcuts
  • ControlDefaultStateOfAllowExtensionFromOtherStoresSettingEnabled - Configure default state of Allow extensions from other stores setting
  • EdgeAssetDeliveryServiceEnabled - Allow features to download assets from the Asset Delivery Service
  • EdgeDefaultProfileEnabled - Default Profile Setting Enabled
  • InternetExplorerModeEnableSavePageAs - Allow Save page as in Internet Explorer mode
  • KioskSwipeGesturesEnabled - Swipe gestures in Microsoft Edge kiosk mode enabled
  • MicrosoftOfficeMenuEnabled - Allow users to access the Microsoft Office menu
  • SiteSafetyServicesEnabled - Allow users to configure Site safety services

Closing words

Microsoft Edge 101 is a security update first and foremost that addresses 25 different security issues in the browser. The update will roll out to most systems automatically in the coming days and weeks, but administrators may speed up the process using the method described above.

Now You: do you use Microsoft Edge?

Summary
Microsoft Edge 101 patches 25 security issues
Article Name
Microsoft Edge 101 patches 25 security issues
Description
Microsoft Edge 101 stable is now available. The new version includes patches for 25 different security issues.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. lophis said on May 1, 2022 at 11:31 pm
    Reply

    MS edge is the best chromium browser overall IMO. It actually has features that are useful unlike the constant misses with Firefox. The biggest issue is privacy, the default settings collect so much telemetry and is integrated with Windows telemetry ecosystem.

  2. Doc Fuddled said on May 1, 2022 at 5:26 pm
    Reply

    In my opinion, both Google and MS are equally invasive and focused on one thing – your data. One is no better/worse than the other. I personally use Brave as my default browser. I don’t even have Google Chrome installed. Is Brave a better option? It seems to be. But the bottom line is that no matter what browser we choose, we are at the mercy of the developers and their corporate mantra.

  3. Mike said on April 30, 2022 at 2:17 pm
    Reply

    Seriously? Are you guys actually comparing Google to MS and believing that Google respects your privacy MORE than MS? That’s so misinformed it isn’t even funny.

    First off, the UUID hash is collected by Google as well, MS uses it for one reason – to securely encrypt and bind the User Data directory to the Machine and Profile so it can’t be stolen by bad actors, which also allows MS to implement a far stronger and more secure sync system than Google, one suitable for enterprise usage as it’s backed by Azure AD for businesses and the Azure CDN for MSAs (MS Accounts).

    Now Google, on the other hand uses the UUID (in addition to 100% unique install tokens relayed to them on a per install/per user basis for further narrowing down session tracking granularity) for TWO primary reasons – one is the same as MS (only done in a far less secure manner) and the second is to afford them the ability to track and collect all of your browsing data and PII with persistance, which they reserve the right to sell to any third party as they see fit, with no opt-out option whatsoever. They’re a damn advertising company, you’d have to be beyond ignorant to think they do anything whatsoever that would make it harder for them to collect every piece of information about you they can.

    It’s an empirical fact that MS Edge is the most secure and safest browser available. MS spent billions to break down, and gut the Chromium codebase to replace all of Google’s sloppy work with fully secured and properly sandboxed components adressing the countless areas that Google ignored because it didn’t assist in user profiling/tracking. They did not replace Google servers with MS servers in the areas of intrusive data collection, they excised those entirely. MS offers the 3rd best Enterprise Tier Security Suite in the industry, and they collect the necessary amount of diagnostic data to ensure you’re protected from ID theft and worse while browsing. Their Privacy Policy literally states that no data is provided to third parties unless it’s necessary for the browser to function correctly on the most basic level. And no security researchers have ever found Edge to secretly be leaking out all your session data to MS, and its only been around for how many years? I mean come on…

    I’m sorry, but sometimes people here come to agree on an incorrect supposition that’s genuinely harmful if it were to be believed. And discouraging the use of Edge in favor of Chrome falls right there. Seriously, the amount of security and privacy afforded to you by Edge is vastly greater than using Google Chrome. Especially if you use Windows 10/11, then its protection jumps at least an added two fold.

    1. LOL said on May 2, 2022 at 4:36 am
      Reply

      Seriously? What a fanboy YOU are Mike.
      Microsoft is getting our data in Edge to sell ads just like Googgle does in Chrome.
      If you use google search there is ZERO reason to give your data to 2 corporations. 1 is enough.
      M$ ad partners aka Microsoft Advertising Partner Program includes more than 1000 ad companies and includes many chinese ones. I can give you the full list of them if you want.
      The latest partner is the british Diginius which joined in 27 April.

    2. Fauszt said on May 1, 2022 at 2:41 pm
      Reply

      Do you have a source for this? I am interested.

  4. Sebas said on April 29, 2022 at 8:03 pm
    Reply

    A shame, their disrespect of privacy. It has much to offer. The sleep mode tabs, the startup mode, the translation, the typosquatting control, all very useful. A good alternative is Vivaldi with its own extensive options.

  5. Bing said on April 29, 2022 at 3:17 pm
    Reply

    Chromium developers have patched Chromium, which now Edge developers have ported to their adware browser.

  6. piomiq said on April 29, 2022 at 2:55 pm
    Reply

    so patches made by Google, or maybe Microsoft prepared any?

  7. John G. said on April 29, 2022 at 2:18 pm
    Reply

    The best reason to use Edge is the fantastic speed it has while comparing to Chrome. Thanks for the article! :]

    1. Frankel said on April 29, 2022 at 2:35 pm
      Reply
      1. Iron Heart said on April 29, 2022 at 7:06 pm
        Reply

        @Frankel

        …while replacing these connections to Google servers with connections to Microsoft servers. Edge collects the entire browsing history and introduces a persistent hardware identifier that not even Chrome (which is already bad enough) has.

        I quote from the following source:

        “Edge sends hashed identifiers that are linked to device hardware, called the hardware UUIDs (universally unique identifiers) to Microsoft, which are “strong and enduring identifier[s] than cannot be easily changed or deleted.” Worse, this behavior can’t be disabled by users.

        In addition, Edge features a search autocomplete functionality that shares details of web pages visited (although this can be disabled by users). Part of this functionality transmits web page information to servers that appear unrelated to search autocomplete, Leith said.”

        source: https://threatpost.com/microsoft-edge-privacy-busting-telemetry/153733/

        @Frankel, you have little to no clue about Edge it seems.

      2. Frankel said on April 30, 2022 at 11:41 am
        Reply

        The question is do I share rather with Google or MS if forced?

        Hint: I have it installed as an emergency browser. Not as a daily driver. I use Firefox.
        But that flew over your head :)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.