Microsoft Browser Vulnerability Research (original) (raw)

Saved passwords in Edge memory: what we're changing and whyBrowsers help protect some of the most sensitive data people have, including passwords. That’s why we continuously review how Edge handles that data, and where we can further reduce exposure throug...

Using Markov Models for Password Complexity Estimation in Microsoft EdgeDespite recent advancements in adoption of passkeys, passwords remain one of the most widely used authentication mechanisms on the web, yet repeated studies have demonstrated that humans are partic...

Securing the Future: Changes to Internet Explorer Mode in Microsoft EdgeIntroduction The digital threat landscape is in a constant state of flux, with attackers perpetually seeking new avenues to compromise users and corporate environments. As a result, the Edge brows... Oct 8, 2025 Vulnerabilities

Browser Security Bugs that Aren't - #2: Web AttacksIn a previous blog Browser Security Bugs that Aren’t we covered some of the most common submissions to Microsoft Edge’s Bug Bounty program but which unfortunately do not qualify for a reward. The p... Oct 21, 2024 Vulnerabilities

Mitigating RIDL Side-Channel Attack in Microsoft Edge on WindowsWhat is RIDL and Why Should you Care? In 2019 researchers from Vrije Universiteit Amsterdam shared details of a new side-channel attack which they coined “Rogue In-Flight Data Load” (RIDL). It was... Jun 24, 2024 Vulnerabilities, Mitigations

Making Mojo Exploits More DifficultIntroduction Today, we’re excited to announce a new security protection in Microsoft Edge and other Chromium-based browsers that defends against attackers being able to leverage an exploit in a Re... Mar 13, 2024 Vulnerabilities, Mitigations

Browser Security Bugs that Aren't - #1: Local AttacksIntroduction Hello and welcome to the first in a new series of blog posts in which we will discuss some issues that are commonly reported through our Researcher Incentive (Bug Bounty) Program, but... Jan 2, 2024 Vulnerabilities

Escaping the sandbox: A bug that speaks for itselfIntroduction In this blog post, we will share the story about how we discovered a critical stack corruption bug that has existed in Windows for more than 20 years (CVE-2023-36719). The bug was fou... Nov 14, 2023 Vulnerabilities

Behind the Scenes: How we are securing our new PDF stackAs we recently published on the Microsoft Edge Dev blog, Adobe and Microsoft are enhancing the PDF experience and value users have come to expect in Microsoft Edge. Adobe brings an unrivalled bre... Feb 8, 2023 Vulnerabilities

Guest Blog Post - Memory corruption vulnerabilities in EdgeIntroduction Memory corruption issues in the browser process are typically some of the most severe issues in Chromium and browsers that are based off it. Such issues can include use-after-free (UA... Oct 17, 2022 Vulnerabilities, Exploit