Microsoft developed Edge to replace Internet Explorer, but the amount of vulnerabilities increased significantly in the past year. So developers made a decision to discontinue the current version and rebuild it using the Google Chromium browser engine.
Microsoft has been working with Google to complete the project. It should decrease the number of vulnerabilities because of the maturity of Google’s browser tool, rather than writing one from the ground up, according to Morey Haber, chief technology officer at BeyondTrust, a securities company.
The BeyondTrust report recently published estimates that the number of reported Microsoft vulnerabilities more than doubled since 2013. Microsoft’s Edge browser has nearly triple the number of critical vulnerabilities reported at 112, compared with Internet Explorer at 39. Critical vulnerabilities in Microsoft Edge have increased six times the amount since its inception two years ago.
Analysis also suggests that during the last five years, nearly 88% of all “critical” vulnerabilities published by Microsoft could have been mitigated by security teams removing admin rights from users.
These vulnerabilities include data leaks to remote code. Haber said that based on what he is aware of, the list would also include malvertising, although it is not specifically mentioned in the report.
“It does create an interesting problem,” he said, referring to Microsoft’s use of Google Chromium. “If there’s a vulnerability that affects Chrome it also will affect the new version of Microsoft’s browser.” That would be all for one and one for all, apparently, which could put consumers and businesses in a bind without another major browser to mitigate a “potentially catastrophic threat.”
Haber said one of the advantages of having Edge and Chrome is that if there is a flaw that affects one, it does not affect the other.
Despite potential threats and challenges, Haber said he encouraged Microsoft to make this change.