Microsoft unveiled new privacy-focused features which allow users to control how much data is sent back to Microsoft, as well as control how much data third parties receive when browsing the internet.
Today Microsoft is announcing a new three level privacy option for Microsoft Edge with Chromium. Unrestricted, Balanced, and Strict. https://t.co/46pHq6wxD7
— Richard Hay (@WinObs) May 6, 2019
Expert Comments:
Alex Heid, Chief Research Officer at SecurityScorecard:
“The announcement by Microsoft that the Edge web browser is moving to the Chromium engine is quite significant and indicates that Microsoft has embraced the concept of open source software and will likely leverage open source code in the future for additional major development projects. The shift also indicates the full retirement of the antiquated and vulnerable Internet Explorer web browser. The use of Internet Explorer by the average personal computer user has pretty much vanished, as Microsoft no longer includes the software within new versions of Windows. However, the use of Internet Explorer legacy software is still quite common within the enterprise environment as there are many older applications that require the use of IE or related plugins.
In these latest releases, Microsoft appears to have created an ‘IE View Mode’ whereby users of the Edge browser can interface with legacy applications that require IE browsers. This appears to be available in order to provide backwards compatibility to enterprise customers – the documentation released by Microsoft last month talks about the ‘Enterprise Mode’:
https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility
It will be interesting to see how the backwards comparability features play out in the wild as they relate to the use of client side browser exploits and other legacy/enterprise software client side attack vectors. While it can be presumed that many of the common exploitable vectors in IE are now gone due to the use of the Chromium engine – it is always possible (and likely) that new vulnerabilities will emerge that did not previously exist, and attack methods will evolve to make use of these new features in ways that were not intended or anticipated during development. Backwards compatibility is oftentimes a vector that allows for exploitation of ‘updated’ software.”
