Microsoft tightens Edge security for less visited websites
We're pretty sure that doesn't mean it's safe to click on sketchy popups
Microsoft wants to make it safer for Edge users to browse and visit unfamiliar websites by automatically applying stronger security settings.
The new feature is part of a number of security updates in version 104.0.1293.47 announced this month that are designed to reduce the risk for the five Edge users users as they move around the internet.
"When combined, these changes help provide 'defense in depth' because they make it more difficult than ever before for a malicious site to use an unpatched vulnerability to write to executable memory and attack an end user," the company wrote.
- Chromium's WebRTC zero-day fix arrives in Microsoft Edge
- Canonical adds instance tweaking to Multipass, Confidential VMs to Azure
- Google fiddles with cross-platform Flutter and Dart to boost performance, tooling
- Ubuntu on a phone, anyone? UBports reaches 18th stable update, but it's still based on 16.04
- OK, Google: Unshackled from Windows, Edge team is free to follow where Chromium leads
With the enhanced security feature, the Basic security level will be the default when the "Enhance your security on the web" browsing mode – which is optional – is enabled in settings. The Basic setting ensures the user experience on the most popular sites on the web remain intact while adding security mitigations for those sites visited less frequently.
Shifting to the Balanced level will include the new features for such times, while ensuring most of the other sites work as expected. If a user chooses the Strict security level, security features will be added for all sites on the web – those frequently and infrequently visited – and could mean that parts of some sites won't work.
"However, you can still manually add sites to the exception site list and enterprise admin configuration will still apply, if present," Microsoft wrote. "Strict mode isn't appropriate for most end users because it may require some level of configuration for the user to complete their normal tasks."
In addition, enterprise administrators can use Group Policy settings to include "allow" and "deny" lists to enhance the security for their users when visiting certain sites while disabling the mode for others.
Another security feature will enable users to import data from Google Chrome during Edge's First Run Experience – an annoying feature that occurs when users open Edge for the first time and shows a welcome page with information, tips, and recommended actions for improving their experience with the browser – without having Chrome installed.
With the new feature, users can log into their Google account during the First run Experience. The feature can be turned off by disabling First Run Experience with the HideFirstRunExperience policy or by setting AutoImportAtFirstRun to "DisabledAutoImport," Microsoft wrote in its Edge policies pages. ®