Microsoft Edge tighten security against browser extensions exploits with new Publish API

Microsoft is making it harder for hackers to attack Microsoft Edge extensions by using automatically generated API keys, securely storing them, and regularly changing them to keep credentials safe.

In a recent announcement, the Redmond tech giant announced the changes to the Publish API for Edge extensions, which should have been a good piece of news for developers. Microsoft says, “The security enhancements coming with the new Publish API will help protect your extensions and improve the security of the publishing process.”

A part of the Secure Future Initiative (SFI), key updates include the automatic generation of API keys, which replaces the previous static credentials, and a new management system for creating and deleting hashes of these keys to minimize the risk of sensitive information exposure.

And, API keys will now expire every 72 days. If you’re a developer, you are encouraged to opt into the new API experience at their own pace, with options to revert to the previous system if needed.

The SFI—launched in November 2023—is a series of key decisions and improvements to Microsoft’s overall security experience, which stemmed after a series of major cybersecurity incidents in recent years like the SolarWinds attack and a Microsoft cloud exploit that exposed US government emails.

Besides this, Microsoft also vows to use AI and automation in software development, improve cloud service security, speed up vulnerability fixes, and have a better infrastructure to protect sensitive information.

The company has even assigned 34,000 engineers to focus on security and has made it a priority for all employees. So much so that they even told their employees in China to ditch Android for iPhones starting last month due to concerns over cybersecurity and Android’s lack of Google services.