MS Edge Chromium? or Chrome?

Silver Contributor

Ok, so I'm using both Edge Dev, and Edge Can... so why am I getting asked Questions about Chrome?

Should everything asking about Chrome have been eliminated by now?

 

See examples photos below...   First is from Edge Dev while on Facebook.....

chrome permissions.jpg

Second is Edge Can

Chrome extension.jpg

 

I'm not using Chome, I'm using Edge Dev and/or Edge Can...

In case you can not guess.. I have a strong dislike for Chrome/data mining/most unsecure browser out there....

 

Dennis5mile

10 Replies

@Dennis5mile  "In case you can not guess .... I have a strong dislike for Chrome/data mining/most unsecure browser out there ...."

 

I put Chrome on one of my computers in 2012 or so.  It lasted three days.  As soon as I understood (a) the depth of Chrome's lack of basic security, and (b) the inability of users to protect themselves from Google's user-data mining while using the Chrome browser, I pulled Chrome off the computer, never to return to that computer or any others that I own. 

 

I suspect that Chrome's established user base developed between 2010-2016, when Chrome knocked the pants off Internet Explorer in terms of usability and performance, and since 2016, when Edge was introduced, the Chrome user base has been held to the browser by inertia, as much as anything.

 

When Edge Chromium was released for Insider testing a month or so ago, I was pleased to see that Microsoft removed the Google user-data mining services, some to be replaced by Microsoft services and others killed off entirely.  To my mind, that disassociated Edge Chromium from the Google data mining ecosystem.  And good riddance to it, too.

 

I assumed, and still believe, that Microsoft would go to great lengths to make Edge Chromium as secure as Edge (Classic).  However a number of developments since then have given me pause. 

 

The first was that Edge Chromium was able to run in administrator mode, by user choice and by inheriting administrator rights from a program opening the browser, and worse, that other applications could inherit administrator rights from Edge Chromium.   That is downright dangerous, and warnings do not change that.   Microsoft has to rework Chrome so that it cannot run in administrator mode.

 

The second was learning that, as of yet, Edge Chromium does not run in its own kernel and is not otherwise isolated from the operating system.  Running in a separate kernel was a major security feature of Edge (Classic), and allowing Edge Chromium to run free, so so speak, is a security risk.  Microsoft has to change that in order to afford the level of security offered by Edge (Classic).

 

The third was the announcement at the Build conference that IE would be sufficiently embedded in Edge Chromium to open as a tab on an "as needed" basis.  Microsoft has done much to increase IE security, but IE isn't a secure as Edge (Classic), not by a long ways.  I'm going to be watching to see how Microsoft isolates IE running within Edge Chromium.

 

A few other minor things (for example, Edge Chromium's lack of a "clear browser history on close") come to mind, none of which are major issues in and of themselves, but enough drops fill a glass, sooner or later.

 

I remind myself that we are still in early days, and lot of development of Edge Chromium is still to come.  But I'm wary, and I intend to monitor the security aspects of Edge Chromium carefully, because I won't use an insecure browser. 

 

I like Edge Chromium, although I would like to see Microsoft move Edge Chromium as far away as reasonably possible from Chrome's deficiencies.  For the time being, I'm working to find issues and raise them with the Edge team so that Edge Chromium can come out of the box as a terrific browser.

 

 

 

I think if the current Edge Chromium team keeps going the way they are they just might find that the only/or that most of their users are going to be those that use Chrome now and that don't care about security of the browser or just don't understand the depth of how unsecure it is.  I have taken Edge Dev off as my default browser and switched it back to the Edge classic/public version.  I am loosing trust in the security of Edge Chromium with the popups of "click here to change "Chrome settings"" or "click here to set "Chrome" notifications settings" and so on......   I will keep testing it, though my use of it will be limited until I feel that it is indeed secure to use....    @tomscharbach 

And I agree with everything you posted here........

 

But, that is just my 20cents worth...

Dennis5mile

@Dennis5mile I mean... Those are just text string changes. It has nothing to do with any sort of security; just finding where it says Chrome and replace the word with Edge.

@Dennis5mile   I think that Microsoft will work to make Edge Chromium secure, for several reasons:

 

(1) Edge Chromium is not so much a browser (in the traditional consumer sense of the word) as it is a port of entry into the Microsoft ecosystem (Azure, Office 365 and so on) and that ecosystem demands a secure browser front end;

 

(2) Edge Chromium's development seems to be shaped by the needs of the business and enterprise market (think IE integration), and the enterprise market is sensitive to security shortfalls; and

 

(3) any serious security issues that emerge too soon after launch will likely sink the browser in terms of gaining market share.

 

The bottom line is that Microsoft seems to be shaping itself as "the business ecosystem", and that market is very, very sensitive to security issues.

 

So I'm not worried too much at this point.  I expect Microsoft to tightly integrate Edge Chromium into Windows Defender and to isolate the browser (as Edge (Classic) is isolated) from the operating system.

 

I share your concern about the consumer iteration of the browser, however.  Enterprises typically lock down systems through policies to minimize risk; consumers (Windows Home) don't have that option to any meaningful extent and most consumers wouldn't know what to do, anyway.  So almost all of us are completely dependent on Microsoft for basic security.

 

Adding fuel to the fire, many consumers load up their browsers with add-ons and extensions of one sort or another, and (unless carefully vetted) add-ons and extensions create an open wound just waiting for an infection. 

 

Although it takes a few clicks to do it (security through obscurity?), for example, Microsoft allows Chrome extensions to be added to Edge Chromium.   The last year or so has revealed to anyone halfway sentient that Chrome extensions are not vetted carefully enough (as we speak, yet another malicious Chrome extension has been disclosed), so why is Microsoft permitting extensions from the Chrome store to added to Edge Chromium?  It seems to me that the better course would be to allow extensions if but only if Microsoft has carefully vetted them.

 

I don't pretend to understand it.  All I can do is remind myself that it is early days in the development path and keep an eye open.

 

@Dennis5mile By looking at your images they does not seems to be a Chrome an Edge issue.

 

  • The first one is a message from Facebook itself, who believes you're using the Chrome browser, so nothing to be done by Microsoft on that case, you could try to contact Facebook about it and ask them to properly identify the browsers or just change the expression Chrome by browser.
  • The second one one seems to be a message from a browser extension that you have installed (seems to be MS Office related). If the extension was installed from the Microsoft store then you are right to comply to Microsoft, but you need to comply with the extension creator team. If the extension was installed from the Chrome store then there's nothing that Microsoft could do about it, you could try to contact the extension owner and ask him to properly identify the browser and display the correct message for each case or like I already suggested just remove the Chrome reference or replace it by browser.

@cbomtempo 

 

8puky7a

 

To be clear, this data is provided by Edge Insider. It's a conscious choice; they've set the user agent (i.e., the signal that tells everyone else what browser this is).

 

I won't presume what name Microsoft will use, but Edge Insider calls itself part of the "Chrome" family and likewise includes Chrome in its user-agent string.

 

I do hope this gets fixed properly: call Edge Edge. It's absolutely confusing to mainstream users to see "Chrome", so I hope they squash this bug instead of letting it seep into the official builds.

 

https://www.whatsmyua.info/

 

The user agent contains a ton of information. Not Just "Chrome", but also Safari and Mozilla. It tells the website what the browser is capable of. Whatsmyua is taking the wrong guess and thinking it's Chrome. It's wrong.
Go here and they will guess it correctly:
https://developers.whatismybrowser.com/

@ikjadoon Microsoft already explained that they will use `Edg` instead of `Edge` to differentiate it from

the classic version, look for "User Agent String" in https://blogs.windows.com/msedgedev/2019/04/08/microsoft-edge-preview-channel-details/ for a detailed explanation.

 

From all the engines listed on https://www.whatsmyua.info/ just one does not have the fix to properly recognize the new Edge and I created an issue for it:

 

https://github.com/3rd-Eden/useragent/issues/143<- I created this issue so the library could be updated to properly identify the new Edge

 

https://github.com/faisalman/ua-parser-js/pull/375 <- There's already an issue for it and the they have an open PR with the fix.

 

https://github.com/bestiejs/platform.js/pull/170 <- They already merged the code fix to properly identify the new Edge.

 

Having said that, I do agree with you that Microsoft needs to stop pretending to be Chrome ( https://www.bleepingcomputer.com/news/microsoft/the-new-microsoft-edge-sometimes-impersonates-other-... )... If you take a look at the current Edge Dev (76.0.152.0) online config file, it overrides the user agent to pretend be Chrome for some sites, just look for user_agent_override

https://config.edge.skype.com/config/v1/Edge/76.0.152.0?osname=win&channel=dev&clientId=[id]&osver=1...

Hi @Dennis5mile, thank you for this feedback.  We are aware that many sites are still checking for browser by looking at the UserAgent string.  I am afraid that we will be seeing this kind of check go on for a long time.  It might help for me to create a thread that allows people to add sites that have compatibility or browser identification issues.

 


@cbomtempo wrote:

Having said that, I do agree with you that Microsoft needs to stop pretending to be Chrome


Thanks to so many websites doing UA sniffing for entirely the wrong reasons (trying to detect what features to enable in a given browser), this can't really happen while still expecting sites to work normally. While it can be argued that this is the website's problem, they're also not going to change, and that's the world we live in.