Questions tagged [microsoft-edge]

Microsoft's newest browser, known as Spartan during development, replacing Internet Explorer as the default browser on Windows 10 and onwards.

21 questions
32
votes
2 answers

Smart-Screen filter still complains, despite I signed the executable, why?

First and foremost, this is my very first experience with Code Signing. I bought Standard Code Signing from Certum for 3 years. I intend to publish applications in Czech republic mostly. But to the point, on Windows 10, when I download the signed…
LinuxSecurityFreak
  • 1,562
  • 2
  • 18
  • 32
12
votes
2 answers

Iframe inheriting parent's Content Security Policy

I have a parent page that has a Content Security Policy on it. The main purpose of CSP is not to prevent XSS, but to prevent network access. This page has to run some user generated/submitted HTML/CSS/JS. I am running this user content in an iframe…
tapananand
  • 340
  • 3
  • 17
8
votes
1 answer

Does Microsoft Edge (Spartan) share Cookies, Cache, Passwords, or TLS Certificates with Internet Explorer?

Windows 10 was released with a new browser called Microsoft Edge. Interestingly, Internet Explorer is also installed on the same default install. Given that Chrome and Firefox tend to separate their cache, or even root certificate handling from…
4
votes
0 answers

Saved password store on Android Edge browser

Does anyone have knowledge, or better yet, a reference document showing how and where passwords are stored when using the Edge browser on Android? I'm assuming it's going to be SQLite, as I understand Chrome does on Android, but looking for any one…
Andrew C
  • 49
  • 1
3
votes
1 answer

Localhost loopback risk

By default, access to [::1] and localhost are disallowed in Microsoft Edge. One way to workaround this is to enable it in the about:flags page: On that label it also says (this might put your device at risk). What risks am I exposing myself to by…
rink.attendant.6
  • 2,227
  • 4
  • 22
  • 33
2
votes
1 answer

How do browsers import password data from other browsers?

Specifically, how did the new Microsoft Edge (based on Chromium?) import my passwords from Google Chrome (which are synced to my Google account and supposedly secure)? I'm on Windows 10. Does Windows have a standard password exchange medium? What is…
user1857492
  • 135
  • 4
2
votes
2 answers

Resolving "This website has been reported as unsafe" (Windows Defender SmartScreen)

I had a website that was compromised—the attacker planted malware that caused a redirect to a malicious site. The security holes have now been fixed and the malware has been removed. However, Microsoft Edge is still showing the message "This website…
David
  • 185
  • 1
  • 1
  • 7
2
votes
1 answer

Odd Proxy setting in Microsoft Edge

Today I encountered odd proxy settings on a user's Windows 10 installation. Microsoft Edge had the proxy set to: use proxyserver The address field was set to: ...os=127.0.0.1:51144 The "port" field was empty. The "no proxy for" field was set…
2
votes
3 answers

How secure is the native browser password autofill?

Safari, Chrome, Firefox, Edge, and IE all either have a suggest-password feature, or password archival feature. How secure are these passwords when stored on a computer? If replicated, how secure are they on the cloud host? I would assume that…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
2
votes
2 answers

Script injection on all browsers

I have something injecting a script into all web browsers that I have tried - Firefox, IE, Edge, Chrome - and it doesn't look like an extension (since it is doing so in different web browsers). I suspect it's either a process injection or some…
1
vote
0 answers

Third-party P3P extension for Internet Explorer or Edge

P3P has been removed from Internet Explorer and Edge in Windows 10. Is there a third-party browser extension that, as a cookie filter, reads compact privacy policies and allows or blocks cookies based on the privacy policies? Just like Internet…
1
vote
0 answers

How is Firefox importing credentials from other browsers without the need for the admin password?

Im currently looking into the security of different browser password storing mechanisms. My main focus lies on the new Chromium based Microsoft Edge browser. As far as I can see, Chromium based browsers use the system's credential manager / keychain…
1
vote
0 answers

does pasting a url into a chrome file upload dialog box (windows process) have security issues?

When using Chrome and I select a file for upload on a website that accepts files, a Windows dialog box appears for me to select a file. I can then paste a URL address for a file in the dialog box, and explorer.exe then invokes a process to download…
1
vote
0 answers

LastPass Secure Notes Leak? - Is Spell Check and Typing Telemetry of LP Secure Notes a Significant Leak in Windows 10 Edge Extension

LastPass is the first and only password manager extension for Windows 10 Edge in the Microsoft Store (Fall 2016). The LP Secure Notes appears to use the standard Msft spelling engine and dictionaries. My understanding is that usage data from inking…
BillR
  • 219
  • 1
  • 8
0
votes
0 answers

New IQ Option Messages in Microsoft Edge even though I've never used their service

All of a sudden I started receiving pop-ups on my Windows PC from this company IQ Option offering virtual money and demo time. Why are they messaging me through my Microsoft Edge browser? I didn't even visit their website or open an account. Some of…
1
2