
Microsoft Edge Enhances Protection Against Sideloaded Malicious Extensions

Microsoft plans to introduce a new security feature in Microsoft Edge that will detect and revoke malicious extensions sideloaded into the browser. The company announced this update on Thursday via the Microsoft 365 roadmap, with a global rollout scheduled for November across standard multi-tenant instances.


Understanding Extension Sideloading

Edge currently allows developers to install extensions locally (sideloading) for testing before publishing to the Microsoft Edge Add-ons store. Users can enable this by activating "Developer Mode" on the Extensions management page and selecting the "Load unpacked" button. However, this option also permits installation of third-party extensions outside official channels, bypassing Microsoft’s malware scanning process.

Although users can remove harmful extensions manually through the Extensions management tab, such action often comes too late. Threat actors have repeatedly exploited this vector, tricking users into installing malicious extensions. Some attacks have impacted hundreds of thousands of users and even involved extensions hosted on official add-on stores.
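An inventory check for the sideloading path described above, as an added example that is not from Microsoft or the original article. It assumes Edge keeps Chromium's profile preferences layout and location codes; the sample profile data and extension IDs are constructed.

```python
import json
import os

# Assumption: Edge keeps Chromium's profile layout: every installed extension
# has an entry under extensions.settings.<id> in the profile's "Preferences" or
# "Secure Preferences" JSON file, and "location" holds Chromium's
# ManifestLocation value (4 = unpacked, 8 = loaded from the command line).
SIDELOAD_LOCATIONS = {4: "unpacked", 8: "command line"}

def load_prefs(path):
    """Parse a profile preferences file (plain JSON, UTF-8)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def manifest_name(ext_dir):
    """Unpacked extensions are read from disk, so look the name up there."""
    try:
        with open(os.path.join(ext_dir, "manifest.json"), encoding="utf-8") as fh:
            return json.load(fh).get("name")
    except (OSError, ValueError):
        return None  # directory moved, deleted, or manifest unreadable

def developer_mode_enabled(prefs):
    """True when the Developer Mode toggle is recorded as on for this profile."""
    return bool(prefs.get("extensions", {}).get("ui", {}).get("developer_mode"))

def find_sideloaded(prefs):
    """Return one record per extension that did not come from a store."""
    settings = prefs.get("extensions", {}).get("settings", {})
    records = []
    for ext_id, entry in sorted(settings.items()):
        source = SIDELOAD_LOCATIONS.get(entry.get("location"))
        if source is None:
            continue  # store-installed, policy-installed or built-in
        path = entry.get("path", "")
        records.append({"id": ext_id, "source": source, "path": path,
                        "name": manifest_name(path) if path else None})
    return records

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = {"extensions": {
    "ui": {"developer_mode": True},
    "settings": {
        "abcdefghijklmnopabcdefghijklmnop": {"location": 1, "path": "abcdefghijklmnopabcdefghijklmnop\\1.0_0"},
        "ponmlkjihgfedcbaponmlkjihgfedcba": {"location": 4, "path": "C:\\Users\\alice\\Downloads\\helper"},
        "aaaabbbbccccddddeeeeffffgggghhhh": {"location": 8, "path": "C:\\Temp\\ext"},
    }}}

if __name__ == "__main__":
    print("Developer mode:", developer_mode_enabled(SAMPLE_PREFS))
    for rec in find_sideloaded(SAMPLE_PREFS):
        print(rec)
```

On Windows the default profile typically lives under `%LOCALAPPDATA%\Microsoft\Edge\User Data\Default`; pass that profile's preferences file to `load_prefs` and review every record the check returns.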

Microsoft Edge Will Block Malicious Sideloaded Extensions

On the 365 Roadmap website, Microsoft noted that "Microsoft Edge will detect and revoke malicious sideloaded extensions." Sadly, there are no further details regarding the mechanism and UI options. The new feature will become available in two months.

At a minimum, the browser would need to maintain a list of extensions known for harmful behavior. It may also need to perform some heuristic analysis to find such an add-on among the installed extensions, including while offline. Finally, Microsoft may use AI, possibly including a locally running model.


Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.
