On Tuesday, Microsoft announced that it has introduced EdgeHTML 13, a standard support for Microsoft Edge, the flagship Web browser in Windows 10 that prevents injection of an unauthorized dynamic-link library on to the Web browser. This would in turn, make the Web browser more resilient from anybody installing toolbars or third party content on pages without a user’s consent. The company claims that Microsoft Edge is the only Web browser that touts this feature.
The idea is simple. Over the years, several culprits and shady companies have devised techniques to game the default search engine and injected content on Web pages to show ads and other annoying elements to usually make money. Browsers like Chrome allow a third-party application to manipulate the default settings and install toolbars on to the browser. Microsoft says that it is making it harder than ever for attackers to affect its Web browser.
EdgeHTML 13, the company said, rolled out with Windows 10 November update, also known as Threshold 2, last week. The support to block uninvited extensions is a follow up to company’s decision from earlier this year to block binary extensibility models such as ActiveX, and Browser Helper Objects.
“Because some programs seek to change user settings without the user’s consent, Microsoft Edge is hardened to protect user settings (including protecting search results and other web content from third party injection). Developers who are determined to tamper with the user’s settings may resort to injecting DLLs into the Edge process, bypassing the built-in interfaces for settings controls.” the company wrote in a blog post.
“An attack on a web browser begins with a memory corruption of some kind that allows the attacker to take control of the browser. Once they have a toehold, they pull in more and more of their attack software, and set about changing what the user’s PC does—from being for their benefit to being malicious,” it added.
The feature was first rolled out to Windows Insider testers with build 10547. The company says that since then it has protected 2704 users from getting affected by attackers who made attempts to load adware and malware on to their Web browsers.