Microsoft Edge inherits Internet Explorer’s security holes, does that mean is it any more secure?
Earlier this year, Microsoft introduced Edge, its new in-built browser as a classical vintage replacement for Internet Explorer, with the claims that it not only provides faster performance and improved features but it is also dependable and more safe than the old browser. This also meant that by default it was more safer than Google’s Chrome or Mozilla’s Firefox browsers.
However, according to the recent security bulletins released by Microsoft shows that a major part of the found vulnerabilities are shared by Microsoft Edge and Internet Explorer, that could be pointing at the vulnerability of the new browser just like its predecessor. At least, in some aspects.
An analysis of the last five-months’ worth of monthly software updates shows that Edge had 25 vulnerabilities shared with versions of Internet Explorer, which had a total of 100 vulnerabilities.
Many users started switching to Google Chrome or Mozilla Firefox in search of a browser that would protect their privacy while browsing the web, as the security of Internet Explorer was often criticized. However, Microsoft now claims that Edge is capable of offering at least the same level of protection.
But, Microsoft rolled out patches for both Internet Explorer and Edge: MS15-124 for the former, and MS15-125 for the latter this Monday.
Woody Leonhard, an Infoworld writer and researcher, is suspicious that Edge has been built on “a rotten old foundation.”
“Looking at yesterday’s Patch Tuesday announcement and the one for November has me wondering how much of this improved security is new bananas – and how much is built on a rotten old foundation.
“For example, yesterday Microsoft released MS15-124, a cumulative update for Internet Explorer, alongside MS15-125, an analogous patch for Microsoft Edge.
“Out of the 15 CVE holes plugged in Edge, 11 of those same holes were also plugged in IE.
“Looking back at November’s Patch Tuesday, all four of the CVEs fixed by Edge’s MS15-113 were also identified as fixed problems with IE’s MS15-112.
“That’s not a coincidence.”
However, on the other hand, Edge also had four unique security bugs that did not exist in Internet Explorer.
Even a company spokesperson confirmed that these vulnerabilities exist in both browsers, Edge and IE, because they share part of the code, even if Edge comes with a completely new engine.
“Edge shares a universal code base across all form factors without the legacy add-on architecture of Internet Explorer. Designed from scratch, Microsoft does selectively share some code between Edge and Internet Explorer, where it makes sense to do so.”
While currently there is no clarity as to how much of the code exists in both Internet Explorer and Edge, it is very evident that the two browsers could still be affected by the very same vulnerabilities in the next months as well.
In terms of speed and reliability, Edge is indeed superior but it still lacks key functionality, such as support for extensions. However, Microsoft has promised to resolve all of these with future updates, including the Redstone release coming in 2016.
Also, older versions of Internet Explorer will be retired by mid-January, giving users about a month to upgrade to Internet Explorer 11, or to Edge on Windows 10.
