Microsoft plans to introduce a new security feature in Microsoft Edge that will detect and revoke malicious extensions sideloaded into the browser. The company announced this update on Thursday via the Microsoft 365 roadmap, with a global rollout scheduled for November across standard multi-tenant instances.

Understanding Extension Sideloading
Edge currently allows developers to install extensions locally (sideloading) for testing before publishing to the Microsoft Edge Add-ons store. Users can enable this by activating "Developer Mode" on the Extensions management page and selecting the "Load unpacked" button. However, this options also permits installation of third-party extensions outside official channels, bypassing Microsoft’s malware scanning process.
Although users can remove harmful extensions manually through the Extensions management tab, such action often comes too late. Threat actors have repeatedly exploited this vector, tricking users into installing malicious extensions. Some attacks have impacted hundreds of thousands of users and even involved extensions hosted on official add-on stores.
Microsoft Edge Will Block Malicious Sideloaded Extensions
On the 365 Roadmap website, Microsoft noted that "Microsoft Edge will detect and revoke malicious sideloaded extensions." Sadly, there no advanced details regarding the mechanism and UI options. The new feature will become available in two months.
At least the browser needs to maintain some list of extensions that are known for the harmful behavior. Besides, it may need to perform some heuristic analysis to find such an add-on among installed extensions, including the offline mode. Finally, Microsoft may use some AI, including the locally running model.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options: