Edge browser gets security boost in Creators Update

Microsoft is boosting the security of its Edge browser in the Creators Update, due out next month. 

Microsoft outlined the changes in a blog post, focusing on the Edge sandbox. 

“One of the most effective ways to eliminate vulnerabilities in complex applications is to minimise the amount of code that an attacker can try to find vulnerabilities in,” noted Crispin Cowan, senior program manager for Microsoft Edge. “This is often referred to as attack surface reduction and it is a key tactic in our overall strategy security.”

He added: “To this end, Microsoft Edge in the Creators Update of Windows 10 has significantly reduced the attack surface of the sandbox by configuring the app container to further reduce its privilege.”

In short, Microsoft is reducing the amount of code exposed to attackers by fine-tuning the sandbox to have a “much tighter fit”.

The other main change involves tweaks to brokers, which are “interfaces that provide access to resources according to a defined policy”.

“Brokers exist to grant access according to policy, e.g. the File broker allows a website to say ‘upload a file by browsing your files’ and the user gets to pick the file to be uploaded, without giving the web site access to all of the user’s files,” Cowan explained. 

The Creators Update will cut off access to as many brokers as possible, with added exploit mitigation technologies built into those remaining. 

Cowan said the combined changes will entirely block some attacks and reduce threats in other areas. “While attack surface reduction does not guarantee that an attacker cannot escape the sandbox, it does dramatically reduce the opportunities for attack, much like reducing the number of windows and doors in a fortress,” he said. “In addition, the enabling of additional exploit mitigations for the brokers that Microsoft Edge is legitimately able to access also increases the difficulty of exploiting vulnerabilities that remain.”

