Microsoft Edge to block malicious sideloaded extensions
Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser.
Edge enables developers to (also known as sideloading) for testing purposes before publishing them to the store by toggling the "Developer Mode" option on the Extensions management page and clicking the "Load unpacked" button.
However, users can also sideload third-party extensions that aren't distributed through official channels and aren't scanned for malware.
While users can remove dangerous extensions via the Extensions management tab by clicking the "Remove" link in the extension card, it's usually too late if threat actors have tricked the user into installing them, as shown by attacks that have affected hundreds of thousands of users in recent years and can also hosted on official add-on stores.
However, as Redmond on Thursday in the Microsoft 365 roadmap, "Microsoft Edge will detect and revoke malicious sideloaded extensions."
Although the company didn't provide further details on how these dangerous extensions will be identified, the new security feature is set to launch in November for standard multi-tenant instances worldwide.
In recent months, Microsoft has updated the "Publish API for Edge extension developers" to and the browser extension update process. It has designed to warn users of extensions that negatively affect Edge's performance.
In February, it also for the Edge web browser, which utilizes machine learning (ML) to detect by detecting signs of scareware scams in real-time using a local machine learning model.
This month, Microsoft in Microsoft Edge, which automatically upgrades HTTP connections to HTTPS when possible. Additionally, starting with Edge v140 (released in August), the web browser will to save memory.
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
