Skip to main content

Microsoft Edge gets hit with the same serious security bug that plagued Chrome

Microsoft just released an Edge browser update that patches a dangerous flaw that could allow a cleverly designed attack to execute arbitrary code. While every security update should be installed promptly, this one is a bit more urgent because the attack is “in the wild” already, meaning that hackers are already taking advantage of this vulnerability to breach security.

Designated CVE-2022-2294, this vulnerability was actually a flaw with the Chromium project, the open-source code that Google’s Chrome browser is built upon. Microsoft uses the same base code for the Edge browser, meaning bugs that affect one often plague the other. Google patched the same bug recently and has been keeping quiet about details of the attack to allow others to make similar fixes, since Chromium is quite a popular codebase.

The Microsoft Edge browser is open on a Surface Book 2 in tablet mode.
Image used with permission by copyright holder

Microsoft recommends updating your browser as soon as possible, as there’s a chance this bug is already impacting PCs. Without the update, hackers could launch attacks that give them full control over your computer, showcasing how severe this security risk is.

Recommended Videos

How to protect yourself

To update Microsoft Edge, click the three horizontal dots at the upper-right to open a menu of options, choose Help and feedback, then About Microsoft Edge. In most cases, the update should have already been downloaded or could begin downloading. If not, start the update manually.

The About Microsoft Edge page is where you can update.
Image used with permission by copyright holder

When the download is complete, the Edge browser needs to be restarted to complete the installation. Click the Restart button or close and reopen Edge to get a fresh start. At this point, it’s safe to browse again without concern about this particular bug.

Microsoft recommends choosing automatic updates for the Edge browser, which is possible from the same page. If there is an option to Download and install updates automatically, it would be wise to enable it to get security updates as quickly as possible. Download over metered connections might also be seen and implies using a cellular connection. Since updates can sometimes be large, this option might be best left off unless using an unlimited plan.

Alan Truly
Alan is a Computing Writer living in Nova Scotia, Canada. A tech-enthusiast since his youth, Alan stays current on what is…
Frustrated security researcher discloses Windows zero-day bug, blames Microsoft
Laptop sitting on a desk showing Windows 11's built-in Microsoft Teams experience.

There's a new zero-day issue in Windows, and this time the bug has been disclosed to the public by an angry security researcher. The vulnerability relates to users leveraging the command prompt with unauthorized system privileges to share dangerous content through the network.

According to a report from Bleeping Computer, Abdelhamid Naceri, the security researcher who disclosed this bug, is frustrated with Microsoft over payouts from the bug bounty program. Bounties have apparently been downgraded significantly over the past two years. Naceri isn't alone, either. One Twitter user reported in 2020 that zero-day vulnerabilities no longer pay $10,000 and are now valued at $1,000. Earlier this month, another Twitter user reported that bounties can be reduced at any time.

Read more
Microsoft Edge’s latest feature keeps you even more secure when browsing
Microsoft Edge browser on a computer screen.

The latest version of Microsoft Edge has a new hidden feature to keep you secure when browsing online. Known as "Super Duper Secure Mode," the feature improves the performance of websites and disables a browser engine commonly abused by hackers.

According to Microsoft, Super Duper Secure Mode works in two ways, balanced and strict. Balanced will learn what websites you use and trust them to use Just in Time Engine (JIT), which speeds up tasks in JavaScript. Strict, meanwhile, can break some websites, but will disable the Just in Time Engine for better security. Edge users can also add their own exceptions as they see fit.

Read more
Update Google Chrome now to patch this critical security flaw
A MacBook with Google Chrome loaded.

You might want to update your Google Chrome web browser right away. Google recently issued a critical security update for Chrome, patching up 11 security issues, including two zero-day vulnerabilities that were exploited in the wild.

Released on September 13, Google first listed the patched vulnerabilities on the Chrome Releases blog. Full details are being withheld for security reasons, as Google wants a majority of users to update first.

Read more